Windows 10: Onlinebanking und angebliche "Fehlüberweisung"

Librarios · 16.05.2016, 08:15

Guten Morgen,

leider haben wir uns nun einen vermeintlichen Trojaner eingefangen.
Wenn wir uns ins Onlinebanking einloggen, kommt der Hinweis auf eine vermeintliche Fehlüberweisung, die von und zurücküberwiesen werden soll

Nun habe ich schon rechechiert, scheinbar gibt es mehrere Trojaner, die soetwas verursachen...Wie kann ich denn diesen löschen? Scheint ja hartnäckig zu sein...
Habe bereits einen Scan mit Kaspersky gemacht, aber der findet nix

Vielen Dank für Hilfe!

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (Administrator) auf ANUKET (16-05-2016 09:03:15)
Gestartet von C:\Users\VanessaundUwe\Downloads
Geladene Profile: UpdatusUser & VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
() C:\Windows\System32\FspService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(VideoLAN) C:\VLC\vlc.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
() C:\ProgramData\ampere-61\ampere-38.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3753016 2016-05-12] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify Web Helper] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [ampere-1] => C:\ProgramData\ampere-61\ampere-38.exe [695952 2016-05-16] ()
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Winlogon: [Shell] C:\ProgramData\tdmop-52\tdmop-5.exe -0,explorer.exe <==== ACHTUNG
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  Keine Datei
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\melting-05.lnk [2016-05-15]
ShortcutTarget: melting-05.lnk -> C:\Users\VanessaundUwe\AppData\Roaming\melting-28\melting-57.exe (SkinSharp Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8f5df9ee-db20-4d5f-824a-44184399e846}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-10-06] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-10-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-06] (Microsoft Corporation)
BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-10-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-10-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-10-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-10-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2663113073-2047370837-3390539344-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Keine Datei]
FF Extension: Ebay Toolbar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\extensions\FFEbayShoppingToolbar@wangtom.com [2015-07-22]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-04-28]
FF Extension: Avira Browser Safety - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\abs@avira.com [2016-05-13]
FF Extension: ADB Helper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\adbhelper@mozilla.org [2016-02-06]
FF Extension: Pin It button - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-01-07]
FF Extension: OmniSidebar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\osb@quicksaver.xpi [2016-03-01]
FF Extension: Avira SafeSearch - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\safesearch@avira.com.xpi [2016-02-25]
FF Extension: eBay for Firefox - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-05-03]
FF Extension: ColorZilla - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05]
FF Extension: Video DownloadHelper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: web_clipper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [51712 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274944 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-05-30] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-11] ()
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-03-23] (Intel Corporation) [Datei ist nicht signiert]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-04-28] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-04-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-16 09:03 - 2016-05-16 09:04 - 00027325 _____ C:\Users\VanessaundUwe\Downloads\FRST.txt
2016-05-16 09:01 - 2016-05-16 09:02 - 02382336 _____ (Farbar) C:\Users\VanessaundUwe\Downloads\FRST64.exe
2016-05-16 08:19 - 2016-05-16 08:19 - 00000000 ____D C:\ProgramData\ampere-61
2016-05-15 21:37 - 2016-05-15 21:37 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\melting-28
2016-05-15 21:34 - 2016-05-15 21:34 - 00000000 ____D C:\ProgramData\tdmop-52
2016-05-15 20:24 - 2016-05-15 20:24 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\jitter-73
2016-05-14 21:27 - 2016-05-15 20:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\tempco-19
2016-05-14 10:37 - 2016-05-14 10:37 - 00000000 ___HD C:\OneDriveTemp
2016-05-12 09:38 - 2016-05-12 09:38 - 00005012 _____ C:\Users\VanessaundUwe\Documents\cc_20160512_093824.reg
2016-05-12 08:52 - 2016-05-12 08:52 - 00003008 _____ C:\EsgInstallerResumeAction
2016-05-12 08:25 - 2016-05-12 08:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-05-12 08:25 - 2016-05-12 08:25 - 00001216 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-05-12 07:58 - 2016-05-12 08:28 - 00000000 ____D C:\ProgramData\lvecl-80
2016-05-11 17:37 - 2016-05-11 17:37 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Enigma Software Group
2016-05-11 17:37 - 2016-05-11 17:37 - 00000000 _____ C:\autoexec.bat
2016-05-11 17:36 - 2016-05-12 08:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-11 17:36 - 2016-05-11 17:36 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-11 17:36 - 2016-05-11 17:36 - 00000000 ____D C:\sh4ldr
2016-05-11 13:10 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 13:10 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 13:10 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 13:10 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 13:10 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 13:10 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 13:09 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 13:09 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 13:09 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 13:09 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 13:08 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 13:08 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 13:08 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 13:08 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 13:08 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 13:08 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 13:08 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 13:08 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 13:08 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 13:08 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 13:08 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 13:08 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 13:08 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 13:08 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 13:08 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 13:08 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 13:08 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 13:07 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 13:07 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 13:07 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 13:07 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 13:07 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 13:07 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 13:07 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 13:07 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 13:07 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 13:07 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 13:07 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 13:07 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 13:07 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 13:07 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 13:07 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 13:07 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 13:07 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 13:07 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 13:07 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 13:07 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 13:07 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 13:07 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 13:07 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 13:07 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 13:07 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 13:07 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 00:01 - 2016-05-16 09:03 - 00000000 ____D C:\FRST
2016-05-09 23:57 - 2016-05-09 23:57 - 00049729 _____ C:\Users\VanessaundUwe\Desktop\JRT.txt
2016-05-09 23:41 - 2016-05-09 23:41 - 00008862 _____ C:\Users\VanessaundUwe\Desktop\AdwCleaner[C1].txt
2016-05-09 22:54 - 2016-05-09 22:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 22:54 - 2016-05-09 22:54 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-07 18:11 - 2016-05-09 11:23 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\taper-46
2016-05-07 10:44 - 2016-05-07 10:44 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\dvdcss
2016-05-06 17:29 - 2016-05-09 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-03 13:33 - 2016-05-03 13:33 - 00007698 _____ C:\Users\VanessaundUwe\Documents\cc_20160503_133300.reg
2016-04-28 09:48 - 2016-04-28 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-04-28 09:47 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-04-28 09:46 - 2016-05-16 08:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-28 09:46 - 2016-04-28 10:01 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-04-28 09:46 - 2016-04-28 09:46 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-28 09:46 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-04-28 09:46 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-04-27 08:03 - 2016-04-27 13:13 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\floating-38
2016-04-25 17:30 - 2016-04-26 11:11 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\circle-9
2016-04-24 12:32 - 2016-04-24 12:36 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\Fotos bearbeitet
2016-04-22 22:27 - 2016-04-23 10:14 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\pfmea-6
2016-04-20 23:23 - 2016-04-20 23:23 - 00051038 _____ C:\Users\VanessaundUwe\Documents\cc_20160420_232306.reg
2016-04-17 21:39 - 2016-04-18 10:48 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\median-50

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-16 08:38 - 2012-05-19 17:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-16 08:38 - 2012-05-18 21:32 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-16 08:29 - 2016-01-12 00:55 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{988C203C-45F5-47BA-B287-812777036600}
2016-05-16 08:26 - 2015-10-06 17:46 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Outlook-Dateien
2016-05-16 08:26 - 2014-07-24 12:50 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Spotify
2016-05-16 08:26 - 2014-07-09 12:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Adobe
2016-05-16 08:20 - 2014-07-24 12:52 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Spotify
2016-05-16 08:17 - 2015-12-22 17:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-16 08:17 - 2015-12-22 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-15 21:46 - 2016-03-22 23:08 - 01012065 _____ C:\Users\VanessaundUwe\Downloads\Kultur ab Januar 2015.xlsx
2016-05-15 21:46 - 2015-12-03 19:13 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\2016
2016-05-15 21:09 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-15 20:24 - 2015-12-22 16:33 - 00000000 ____D C:\Users\UpdatusUser
2016-05-15 20:24 - 2015-10-06 17:37 - 00000000 ___RD C:\Users\VanessaundUwe\OneDrive
2016-05-15 20:21 - 2015-12-22 16:33 - 00000000 ____D C:\Users\VanessaundUwe
2016-05-14 21:24 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-13 23:59 - 2012-06-17 14:32 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\vlc
2016-05-13 17:19 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-13 12:55 - 2016-01-14 15:43 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 12:55 - 2015-11-04 12:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 10:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 19:59 - 2011-10-27 22:02 - 00000000 ____D C:\ProgramData\Temp
2016-05-12 08:52 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 20:24 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 17:11 - 2015-12-22 19:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 15:01 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 15:01 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 15:00 - 2015-10-06 16:05 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\JDownloader 2.0
2016-05-11 14:32 - 2013-08-15 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 14:16 - 2011-10-27 23:06 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 12:33 - 2016-02-02 19:15 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e
2016-05-11 12:33 - 2015-12-05 15:21 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job
2016-05-11 12:33 - 2012-05-18 21:32 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 07:58 - 2016-01-18 19:53 - 00000000 ____D C:\Program Files\KMSpico
2016-05-09 23:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-05-09 22:45 - 2014-07-18 10:33 - 00000000 ____D C:\AdwCleaner
2016-05-09 10:43 - 2012-05-19 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-07 10:43 - 2015-09-04 18:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-03 13:33 - 2014-08-08 08:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-03 13:31 - 2015-12-22 20:53 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\uTorrent
2016-05-03 12:42 - 2015-12-22 19:03 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Packages
2016-04-30 15:51 - 2015-07-25 13:09 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Books
2016-04-28 14:21 - 2013-01-24 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-28 12:55 - 2015-12-22 16:31 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-28 12:55 - 2015-10-30 20:35 - 00889404 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-28 12:55 - 2015-10-30 20:35 - 00197452 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-28 10:15 - 2012-10-24 13:15 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-28 10:01 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-04-28 09:48 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-28 09:47 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default.migrated
2016-04-28 09:42 - 2012-10-24 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Avira
2016-04-28 09:42 - 2012-10-24 13:15 - 00000000 ____D C:\ProgramData\Avira
2016-04-26 11:02 - 2015-12-22 19:12 - 00002451 _____ C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-25 17:44 - 2014-11-01 17:41 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Noch schauen
2016-04-23 17:11 - 2015-12-22 19:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Comms
2016-04-22 09:57 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 10:55 - 2014-12-02 13:40 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Zeitschriften 2015

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-11-23 21:03 - 2013-11-23 21:09 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-11-28 18:53 - 2014-03-25 16:16 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2012-06-28 17:26 - 2013-05-09 15:16 - 0009216 _____ () C:\Users\VanessaundUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-10 18:45 - 2013-07-10 18:45 - 0000893 _____ () C:\Users\VanessaundUwe\AppData\Local\recently-used.xbel
2012-05-19 10:07 - 2012-05-19 10:07 - 0017408 _____ () C:\Users\VanessaundUwe\AppData\Local\WebpageIcons.db
2013-02-05 20:42 - 2013-03-29 14:28 - 0000032 _____ () C:\ProgramData\aceg.ini
2016-01-12 00:45 - 2016-01-12 00:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\VanessaundUwe\AppData\Local\Temp\libeay32.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\msvcr120.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole1240164018422986414.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole4915313268689617003.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole5037268272556858600.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole5466512398401284336.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-14 14:42

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-16 09:06:42)
Gestartet von C:\Users\VanessaundUwe\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-22 17:01:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2663113073-2047370837-3390539344-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2663113073-2047370837-3390539344-503 - Limited - Disabled)
Gast (S-1-5-21-2663113073-2047370837-3390539344-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2663113073-2047370837-3390539344-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2663113073-2047370837-3390539344-1000 - Limited - Enabled) => C:\Users\UpdatusUser
VanessaundUwe (S-1-5-21-2663113073-2047370837-3390539344-1001 - Administrator - Enabled) => C:\Users\VanessaundUwe

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
calibre (HKLM-x32\...\{49FA2A5C-8FC3-4BD0-A244-CA01A9250E55}) (Version: 2.50.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{45B18FC7-3ECE-4F2B-99A8-370886AB8238}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{1502BB1F-7870-4DC9-9178-65CFE00D070C}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series - Grundlegende Software für das Gerät (HKLM\...\{DCCF150E-E0CA-4C1E-BD81-207DB6BE2A86}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Hilfe (HKLM-x32\...\{99C52AB4-FBA3-4C12-9AC3-B19A3421EB96}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
NVIDIA 3D Vision Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.64 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Remote Control Input Device Registry Key (HKLM-x32\...\{91EB0B20-08B0-4905-88FB-020952B9979F}) (Version: 1.1.0.0.081231 - Chicony)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.22.8.4668 - Enigma Software Group, LLC)
Studie zur Verbesserung von HP OfficeJet 3830 series (HKLM\...\{0BE77456-9F9E-41FA-8914-01940B20AEA8}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5C677DD3-45D9-4B10-8591-5F8CEA76BAE0}) (Version: 1.12.16 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.16 - Texas Instruments Inc.) Hidden
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D316AB7-1416-48C9-BE2F-98E44E0638A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {13548292-62B5-46FE-901A-32171AC7C7CA} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {13C04E78-85A3-4EAB-8EC1-4D75A697776D} - System32\Tasks\{415ED4F3-D631-4EE6-AB81-303998C830FB} => pcalua.exe -a C:\Users\VanessaundUwe\Downloads\ADE_2.0_Installer.exe -d C:\Users\VanessaundUwe\Downloads
Task: {23932692-5781-482C-BE4E-010CF5CF399C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2AC15BB3-B017-4473-8AB5-D55A0448EA14} - System32\Tasks\AdobeAAMUpdater-1.0-Anuket-VanessaundUwe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {3A8D8438-08A6-4DFB-B760-90737F10D2A6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {51696F76-C61C-45B2-A66E-EB797979E925} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {727E0394-47CD-4326-9878-51DCE9BDA933} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {732A1CB4-491C-4447-908E-45DBBF6AF445} - \AmiUpdXp -> Keine Datei <==== ACHTUNG
Task: {819CC8D0-B527-433F-9E94-83F3FED315E3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {86C11EBC-5923-4224-8C9C-AEAC67C4A609} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8A26074E-D9A2-46A1-926B-2CD6439E0EB7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8B83154D-73CF-4435-ABEB-96C6214BD09D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8EFFED3C-9DA9-401D-AD9C-61FD3A63F98A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {8F0E5EFB-D820-4DEA-A1D5-8B6237FEBF7B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9CBBE4A7-E823-45D3-AEAB-E20865E1F264} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9D3DB79D-C891-41AE-B24E-32BE9900DA22} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {9F32AA2E-358A-4EC1-B044-761AA6BFFB94} - System32\Tasks\AutoPico Daily Restart => C:\Program
Task: {A2A7F146-C77A-4233-8C31-D192AF2D5591} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {AAB08C40-22FD-4126-84F4-86755786F394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {B16E35C8-ECC6-4B42-AA66-B1B9248E5478} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B2851EE3-BFA4-47A4-AFC2-114F3C194922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9CC01BC-768A-4946-AFDB-F6A551A40F00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9DF69B4-AE35-4B57-9B92-FFE592D550FE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BC1A3F70-620E-4779-85B3-7ECE889A1DDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {BCCF0E08-B171-4189-9247-F3E434294369} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {C08B53D2-E793-49B9-B320-3C1C4EFAE8CA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C3FD7451-62AC-4654-AF99-DAA95E98F41B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C6A099CD-5D34-4EDB-B614-CAF872E4E2F5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C7BA2836-6C8C-47F8-9A90-E43904B236AA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CAAAE44E-0401-4EDF-B01F-CC3DBA876ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {CCE0DFF5-D617-41DC-9762-FE8A6F2848C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CF10B885-BB90-4854-A23B-696EE3A726D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-10-06] (Microsoft Corporation)
Task: {CFC89B44-7826-4C50-B7A1-ECFE371E3767} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D5395A54-7A70-4614-94AA-D0CA988038E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E09D943B-BA56-45AA-B5DB-C91C66EB995D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E146F8D9-BEFB-4450-B673-D136F6ECDACE} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3EB8754-FFD1-4D73-942B-F8C7ACAB2F34} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F1774640-2B6A-43C5-9603-E8FA3AA41FA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F4F6A6FD-9D1A-44F0-8C26-8B298597FF54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F9245C66-BE0E-48CA-B1BD-81FCF68BE46F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-10-06] (Microsoft Corporation)
Task: {FB4F02EA-7AD0-46E6-9D4D-76E82CC953A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8c54ebfada4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfec34e7a76bd3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002672f1337.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04241b9fd81d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092e5d4782a0f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c00ad2e94d9a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e5527337fb41.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef9ff94fb37b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-22 16:27 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-06 17:21 - 2015-08-16 00:21 - 00162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-05-29 08:29 - 2015-05-29 08:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\FileZilla\fzshellext_64.dll
2016-04-26 11:02 - 2016-04-26 11:02 - 00959176 _____ () C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-12-22 16:12 - 2015-12-22 16:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 13:09 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-05-16 08:19 - 2016-05-16 08:19 - 00695952 ____N () C:\ProgramData\ampere-61\ampere-38.exe
2016-04-15 20:07 - 2016-04-15 20:07 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00143296 _____ () C:\vlc\libvlc.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 02631616 _____ () C:\vlc\libvlccore.dll
2015-03-19 15:49 - 2016-04-27 09:53 - 47503472 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Spotify\libcef.dll
2015-03-19 15:49 - 2016-04-27 09:53 - 01584240 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Spotify\libglesv2.dll
2015-03-19 15:49 - 2016-04-27 09:53 - 00082032 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Spotify\libegl.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-06 17:24 - 2015-10-06 17:25 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2015-10-06 17:24 - 2015-10-06 17:25 - 01065536 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [144]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2013-11-23 20:35 - 00001374 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Spotify => "C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C0374123-E3D0-4A2A-AF23-FD7B330516D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{832DE091-A393-41A0-9069-16CED42A908F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A893F5F5-55BC-49CD-8F78-FF71C30B7FDB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{904775F6-6930-4E0C-BDAE-6404EED389C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{14A2FFDB-C0F0-447C-B3F5-5A8B2F8C5967}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2AD5F8A5-7AF9-4A1C-A165-0776151658BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8B056BF6-7F65-40EA-A595-381BCC2961AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{10B4D7B3-35E5-4BCB-9AF0-570C332970A6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{08F98417-32F4-4506-9A75-46379350B106}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{1C533923-8746-4213-AA9F-E8CB87B8FB54}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E981DB15-4E39-4BAD-987F-C4227C2BA066}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{25AF93FC-F6D1-4242-A385-DB3EC143D466}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{224F2EAB-9D65-48F8-B527-63AF3C0AAD06}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{4B89F019-378D-4CB6-AF92-2CB1E1BF3207}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9ECFE6F4-A7AD-4296-B3E7-254C8E0CB697}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23F69F7A-AFE4-41CC-AED3-FFDD201F5CAB}] => (Allow) LPort=1900
FirewallRules: [{53E576F4-684D-46C6-9AD8-E62974FB99FE}] => (Allow) LPort=2869
FirewallRules: [{04B2E412-4BC1-4D51-B629-6AB6A2708D43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{295DE74C-4A72-4955-8559-CA6D38EA6457}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [TCP Query User{1903870F-8668-4200-9D1B-3C30D813485A}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [UDP Query User{9F5C1EC9-68F2-424D-99B3-B7D370048090}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB4F2111-5868-48FB-BFB3-49AA9B1B7B16}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{99AE0AFB-72CD-4AB1-BFD7-28DB3E88CBF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{42F4F9E3-49D0-4D69-85C9-3DD660CA0258}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [UDP Query User{8ED785C4-8B67-48AB-9E1F-E9FB0E017845}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5C89C82A-ED44-4302-AADE-600262D3F135}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B3BA98C-6E3A-4CE5-9464-40DCE9710926}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{882E49E9-1721-48A8-B10B-EDD92CB1198A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D72B193E-DAA6-4947-B0DD-79B43E88826F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{60633C33-6005-4E69-8984-5F2785A192B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{E20DBD12-083A-4C7B-B048-62F51DC45532}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{4C65B3D6-E289-4DC8-A7A1-E03D336E0E43}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0263B9A6-98AB-4676-AF80-27916C59B382}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CC1AA41-6D1F-4258-8042-0969C72B17C3}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A71B376F-DC00-4E8A-9BC6-8093C38BBFF6}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAE79E6F-A72E-4A3A-8155-B528862C291D}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C326D4F1-8F94-4F87-8F5B-9317EE17B4E5}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC80BE6C-A741-45B4-A4A5-1879FEB76882}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{AE9EFAA9-1162-46C4-817D-9EEFF821368E}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{73783793-F380-43CB-A272-15E66D1134DE}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{8FB56B48-9C7F-47F5-B214-5EE0DF650E21}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{BB8FBFC3-E065-48F3-81DF-BFF4C15594D0}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{3DB49462-9751-401C-A35E-DF3ADE4EE293}] => (Allow) LPort=5357
FirewallRules: [{C7D4D1AD-7D2C-46FA-840D-077F4D87041D}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EC315F3-0EA3-4114-86CB-20666CF4E12D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A695BB64-DB01-4FD7-9369-1730B175811C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F56797FF-754A-4E09-87D9-98712FF563A4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{8B2C23A9-0B2F-4DD6-B977-95B3CBC2F30F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

==================== Wiederherstellungspunkte =========================

07-05-2016 13:25:51 Geplanter Prüfpunkt
09-05-2016 23:52:40 JRT Pre-Junkware Removal
15-05-2016 21:05:53 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/16/2016 08:27:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2460
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/16/2016 08:17:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x5f4
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/16/2016 08:17:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x934
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (05/15/2016 09:46:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0xca4
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/15/2016 09:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.16.20039.54196, Zeitstempel: 0x5728a6b1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x70db8c7a
ID des fehlerhaften Prozesses: 0x1f40
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3
Vollständiger Name des fehlerhaften Pakets: AcroRd32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcroRd32.exe5

Error: (05/15/2016 09:07:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (05/15/2016 08:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x8e8
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/15/2016 08:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x9cc
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (05/14/2016 02:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AutoPico.exe, Version: 5.4.0.0, Zeitstempel: 0x52157dfb
Name des fehlerhaften Moduls: clr.dll, Version: 4.6.1080.0, Zeitstempel: 0x570c4ace
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00000000000073e3
ID des fehlerhaften Prozesses: 0x1c44
Startzeit der fehlerhaften Anwendung: 0xAutoPico.exe0
Pfad der fehlerhaften Anwendung: AutoPico.exe1
Pfad des fehlerhaften Moduls: AutoPico.exe2
Berichtskennung: AutoPico.exe3
Vollständiger Name des fehlerhaften Pakets: AutoPico.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AutoPico.exe5

Error: (05/14/2016 02:30:01 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0x80070057
Teil-Pkey=?
ACID=?
Genauer Fehler[?]


Systemfehler:
=============
Error: (05/16/2016 08:24:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (05/16/2016 08:21:56 AM) (Source: DCOM) (EventID: 10016) (User: ANUKET)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AnuketVanessaundUweS-1-5-21-2663113073-2047370837-3390539344-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/16/2016 08:21:55 AM) (Source: DCOM) (EventID: 10016) (User: ANUKET)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AnuketVanessaundUweS-1-5-21-2663113073-2047370837-3390539344-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/16/2016 08:18:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/16/2016 08:18:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (05/16/2016 08:17:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/16/2016 08:17:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (05/16/2016 08:17:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/16/2016 08:16:56 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (05/16/2016 08:16:53 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.


CodeIntegrity:
===================================
  Date: 2016-05-16 08:24:55.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 08:37:29.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:29.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:15.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 07:06:31.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 15:07:30.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 15:00:11.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-11 15:00:07.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1912.75 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 5262.34 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:394.66 GB) (Free:77.91 GB) NTFS
Drive d: (Recover) (Fixed) (Total:70 GB) (Free:40.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DA1342C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=394.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

M-K-D-B · 17.05.2016, 09:37

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zukünftig bitte beachten:

Zitat:

Gestartet von C:\Users\VanessaundUwe\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Librarios · 17.05.2016, 13:06

Hallo Matthias,

vielen Dank für die Antwort. Ich habe nun die Anweisungen befolgt (sorry für das vorherige Überlesen...). Hier also die Logfiles von FRST:

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (Administrator) auf ANUKET (17-05-2016 13:40:53)
Gestartet von C:\Users\VanessaundUwe\Desktop
Geladene Profile: UpdatusUser & VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
() C:\Windows\System32\FspService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(VideoLAN) C:\VLC\vlc.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
() C:\Users\VanessaundUwe\AppData\Local\Temp\532B.tmp
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
konnte nicht auf den Prozess zugreifen -> devmonsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
konnte nicht auf den Prozess zugreifen -> devmonsrv.exe
konnte nicht auf den Prozess zugreifen -> devmonsrv.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3753016 2016-05-12] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify Web Helper] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [class-2] => C:\ProgramData\class-3\class-47.exe [610960 2016-05-17] ()
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [bionics-5] => C:\Users\VanessaundUwe\AppData\Roaming\bionics-3\bionics-53.exe [767488 2016-05-17] ()
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Winlogon: [Shell] C:\ProgramData\alkene-1\alkene-0.exe -b,explorer.exe <==== ACHTUNG
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  Keine Datei
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scsi2-69.lnk [2016-05-17]
ShortcutTarget: scsi2-69.lnk -> C:\Users\VanessaundUwe\AppData\Roaming\scsi2-5\scsi2-3.exe (ReGet Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8f5df9ee-db20-4d5f-824a-44184399e846}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-10-06] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-10-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-06] (Microsoft Corporation)
BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-10-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-10-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-10-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-10-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2663113073-2047370837-3390539344-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Keine Datei]
FF Extension: Ebay Toolbar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\extensions\FFEbayShoppingToolbar@wangtom.com [2015-07-22]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-04-28]
FF Extension: Avira Browser Safety - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\abs@avira.com [2016-05-13]
FF Extension: ADB Helper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\adbhelper@mozilla.org [2016-02-06]
FF Extension: Pin It button - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-01-07]
FF Extension: OmniSidebar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\osb@quicksaver.xpi [2016-03-01]
FF Extension: Avira SafeSearch - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\safesearch@avira.com.xpi [2016-02-25]
FF Extension: eBay for Firefox - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-05-03]
FF Extension: ColorZilla - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05]
FF Extension: Video DownloadHelper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: web_clipper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [51712 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274944 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-05-30] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-11] ()
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-03-23] (Intel Corporation) [Datei ist nicht signiert]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-04-28] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-04-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 13:40 - 2016-05-17 13:42 - 00027851 _____ C:\Users\VanessaundUwe\Desktop\FRST.txt
2016-05-17 13:38 - 2016-05-17 13:40 - 21043711 _____ C:\Users\VanessaundUwe\Downloads\Clean Eating - June 2016.pdf
2016-05-17 13:20 - 2016-05-17 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\bionics-3
2016-05-17 13:17 - 2016-05-17 13:17 - 00000000 ____D C:\ProgramData\class-3
2016-05-17 09:31 - 2016-05-17 09:31 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\scsi2-5
2016-05-17 09:29 - 2016-05-17 09:29 - 00000000 ____D C:\ProgramData\alkene-1
2016-05-17 07:48 - 2016-05-17 08:07 - 89593854 _____ C:\Users\VanessaundUwe\Downloads\Vegetarian Times - June 2016.pdf
2016-05-16 09:30 - 2016-05-16 09:30 - 00062472 _____ C:\Users\VanessaundUwe\Downloads\beitrittserklaerung_2014.pdf
2016-05-16 09:06 - 2016-05-16 09:09 - 00049165 _____ C:\Users\VanessaundUwe\Downloads\Addition.txt
2016-05-16 09:03 - 2016-05-16 09:09 - 00067693 _____ C:\Users\VanessaundUwe\Downloads\FRST.txt
2016-05-16 09:01 - 2016-05-16 09:02 - 02382336 _____ (Farbar) C:\Users\VanessaundUwe\Desktop\FRST64.exe
2016-05-16 08:19 - 2016-05-16 20:16 - 00000000 ____D C:\ProgramData\ampere-61
2016-05-14 21:27 - 2016-05-15 20:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\tempco-19
2016-05-14 10:37 - 2016-05-14 10:37 - 00000000 ___HD C:\OneDriveTemp
2016-05-12 09:38 - 2016-05-12 09:38 - 00005012 _____ C:\Users\VanessaundUwe\Documents\cc_20160512_093824.reg
2016-05-12 08:52 - 2016-05-12 08:52 - 00003008 _____ C:\EsgInstallerResumeAction
2016-05-12 08:25 - 2016-05-12 08:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-05-12 08:25 - 2016-05-12 08:25 - 00001216 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-05-12 07:58 - 2016-05-12 08:28 - 00000000 ____D C:\ProgramData\lvecl-80
2016-05-11 17:37 - 2016-05-11 17:37 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Enigma Software Group
2016-05-11 17:37 - 2016-05-11 17:37 - 00000000 _____ C:\autoexec.bat
2016-05-11 17:36 - 2016-05-12 08:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-11 17:36 - 2016-05-11 17:36 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-11 17:36 - 2016-05-11 17:36 - 00000000 ____D C:\sh4ldr
2016-05-11 13:10 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 13:10 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 13:10 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 13:10 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 13:10 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 13:10 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 13:09 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 13:09 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 13:09 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 13:09 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 13:08 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 13:08 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 13:08 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 13:08 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 13:08 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 13:08 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 13:08 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 13:08 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 13:08 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 13:08 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 13:08 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 13:08 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 13:08 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 13:08 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 13:08 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 13:08 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 13:08 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 13:07 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 13:07 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 13:07 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 13:07 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 13:07 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 13:07 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 13:07 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 13:07 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 13:07 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 13:07 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 13:07 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 13:07 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 13:07 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 13:07 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 13:07 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 13:07 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 13:07 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 13:07 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 13:07 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 13:07 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 13:07 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 13:07 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 13:07 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 13:07 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 13:07 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 13:07 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 00:01 - 2016-05-17 13:40 - 00000000 ____D C:\FRST
2016-05-09 22:54 - 2016-05-09 22:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 22:54 - 2016-05-09 22:54 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-07 18:11 - 2016-05-09 11:23 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\taper-46
2016-05-07 10:44 - 2016-05-07 10:44 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\dvdcss
2016-05-06 17:29 - 2016-05-09 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-03 13:33 - 2016-05-03 13:33 - 00007698 _____ C:\Users\VanessaundUwe\Documents\cc_20160503_133300.reg
2016-04-28 09:48 - 2016-04-28 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-04-28 09:47 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-04-28 09:46 - 2016-05-17 13:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-28 09:46 - 2016-04-28 10:01 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-04-28 09:46 - 2016-04-28 09:46 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-28 09:46 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-04-28 09:46 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-04-27 08:03 - 2016-04-27 13:13 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\floating-38
2016-04-25 17:30 - 2016-04-26 11:11 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\circle-9
2016-04-24 12:32 - 2016-04-24 12:36 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\Fotos bearbeitet
2016-04-22 22:27 - 2016-04-23 10:14 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\pfmea-6
2016-04-20 23:23 - 2016-04-20 23:23 - 00051038 _____ C:\Users\VanessaundUwe\Documents\cc_20160420_232306.reg
2016-04-17 21:39 - 2016-04-18 10:48 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\median-50

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 13:38 - 2012-05-19 17:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-17 13:38 - 2012-05-18 21:32 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 13:29 - 2015-10-06 17:46 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Outlook-Dateien
2016-05-17 09:33 - 2015-12-22 19:03 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Packages
2016-05-17 09:33 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-17 09:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-17 09:16 - 2016-01-12 00:55 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{988C203C-45F5-47BA-B287-812777036600}
2016-05-17 08:35 - 2016-03-22 23:08 - 01014796 _____ C:\Users\VanessaundUwe\Downloads\Kultur ab Januar 2015.xlsx
2016-05-17 07:43 - 2014-07-09 12:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Adobe
2016-05-16 21:22 - 2015-12-03 19:13 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\2016
2016-05-16 09:57 - 2014-07-24 12:52 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Spotify
2016-05-16 09:57 - 2014-07-24 12:50 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Spotify
2016-05-16 08:17 - 2015-12-22 17:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-16 08:17 - 2015-12-22 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-15 21:09 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-15 20:24 - 2015-12-22 16:33 - 00000000 ____D C:\Users\UpdatusUser
2016-05-15 20:24 - 2015-10-06 17:37 - 00000000 ___RD C:\Users\VanessaundUwe\OneDrive
2016-05-15 20:21 - 2015-12-22 16:33 - 00000000 ____D C:\Users\VanessaundUwe
2016-05-13 23:59 - 2012-06-17 14:32 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\vlc
2016-05-13 12:55 - 2016-01-14 15:43 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 12:55 - 2015-11-04 12:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 10:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 19:59 - 2011-10-27 22:02 - 00000000 ____D C:\ProgramData\Temp
2016-05-12 08:52 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 20:24 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 17:11 - 2015-12-22 19:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 15:01 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 15:01 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 15:00 - 2015-10-06 16:05 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\JDownloader 2.0
2016-05-11 14:32 - 2013-08-15 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 14:16 - 2011-10-27 23:06 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 12:33 - 2016-02-02 19:15 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e
2016-05-11 12:33 - 2015-12-05 15:21 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job
2016-05-11 12:33 - 2012-05-18 21:32 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 07:58 - 2016-01-18 19:53 - 00000000 ____D C:\Program Files\KMSpico
2016-05-09 23:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-05-09 22:45 - 2014-07-18 10:33 - 00000000 ____D C:\AdwCleaner
2016-05-09 10:43 - 2012-05-19 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-07 10:43 - 2015-09-04 18:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-03 13:33 - 2014-08-08 08:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-03 13:31 - 2015-12-22 20:53 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\uTorrent
2016-04-30 15:51 - 2015-07-25 13:09 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Books
2016-04-28 14:21 - 2013-01-24 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-28 12:55 - 2015-12-22 16:31 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-28 12:55 - 2015-10-30 20:35 - 00889404 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-28 12:55 - 2015-10-30 20:35 - 00197452 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-28 10:15 - 2012-10-24 13:15 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-28 10:01 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-04-28 09:48 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-28 09:47 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default.migrated
2016-04-28 09:42 - 2012-10-24 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Avira
2016-04-28 09:42 - 2012-10-24 13:15 - 00000000 ____D C:\ProgramData\Avira
2016-04-26 11:02 - 2015-12-22 19:12 - 00002451 _____ C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-25 17:44 - 2014-11-01 17:41 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Noch schauen
2016-04-23 17:11 - 2015-12-22 19:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Comms
2016-04-22 09:57 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 10:55 - 2014-12-02 13:40 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Zeitschriften 2015

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-11-23 21:03 - 2013-11-23 21:09 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-11-28 18:53 - 2014-03-25 16:16 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2012-06-28 17:26 - 2013-05-09 15:16 - 0009216 _____ () C:\Users\VanessaundUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-10 18:45 - 2013-07-10 18:45 - 0000893 _____ () C:\Users\VanessaundUwe\AppData\Local\recently-used.xbel
2012-05-19 10:07 - 2012-05-19 10:07 - 0017408 _____ () C:\Users\VanessaundUwe\AppData\Local\WebpageIcons.db
2013-02-05 20:42 - 2013-03-29 14:28 - 0000032 _____ () C:\ProgramData\aceg.ini
2016-01-12 00:45 - 2016-01-12 00:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\VanessaundUwe\AppData\Local\Temp\libeay32.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\msvcr120.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole1240164018422986414.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole4915313268689617003.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole5037268272556858600.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole5466512398401284336.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-14 14:42

==================== Ende von FRST.txt ============================

Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-17 13:43:46)
Gestartet von C:\Users\VanessaundUwe\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-22 17:01:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2663113073-2047370837-3390539344-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2663113073-2047370837-3390539344-503 - Limited - Disabled)
Gast (S-1-5-21-2663113073-2047370837-3390539344-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2663113073-2047370837-3390539344-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2663113073-2047370837-3390539344-1000 - Limited - Enabled) => C:\Users\UpdatusUser
VanessaundUwe (S-1-5-21-2663113073-2047370837-3390539344-1001 - Administrator - Enabled) => C:\Users\VanessaundUwe

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
calibre (HKLM-x32\...\{49FA2A5C-8FC3-4BD0-A244-CA01A9250E55}) (Version: 2.50.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{45B18FC7-3ECE-4F2B-99A8-370886AB8238}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{1502BB1F-7870-4DC9-9178-65CFE00D070C}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series - Grundlegende Software für das Gerät (HKLM\...\{DCCF150E-E0CA-4C1E-BD81-207DB6BE2A86}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Hilfe (HKLM-x32\...\{99C52AB4-FBA3-4C12-9AC3-B19A3421EB96}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
NVIDIA 3D Vision Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.64 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Remote Control Input Device Registry Key (HKLM-x32\...\{91EB0B20-08B0-4905-88FB-020952B9979F}) (Version: 1.1.0.0.081231 - Chicony)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.22.8.4668 - Enigma Software Group, LLC)
Studie zur Verbesserung von HP OfficeJet 3830 series (HKLM\...\{0BE77456-9F9E-41FA-8914-01940B20AEA8}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5C677DD3-45D9-4B10-8591-5F8CEA76BAE0}) (Version: 1.12.16 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.16 - Texas Instruments Inc.) Hidden
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D316AB7-1416-48C9-BE2F-98E44E0638A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {13548292-62B5-46FE-901A-32171AC7C7CA} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {13C04E78-85A3-4EAB-8EC1-4D75A697776D} - System32\Tasks\{415ED4F3-D631-4EE6-AB81-303998C830FB} => pcalua.exe -a C:\Users\VanessaundUwe\Downloads\ADE_2.0_Installer.exe -d C:\Users\VanessaundUwe\Downloads
Task: {23932692-5781-482C-BE4E-010CF5CF399C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2AC15BB3-B017-4473-8AB5-D55A0448EA14} - System32\Tasks\AdobeAAMUpdater-1.0-Anuket-VanessaundUwe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {3A8D8438-08A6-4DFB-B760-90737F10D2A6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {51696F76-C61C-45B2-A66E-EB797979E925} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {727E0394-47CD-4326-9878-51DCE9BDA933} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {732A1CB4-491C-4447-908E-45DBBF6AF445} - \AmiUpdXp -> Keine Datei <==== ACHTUNG
Task: {819CC8D0-B527-433F-9E94-83F3FED315E3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {86C11EBC-5923-4224-8C9C-AEAC67C4A609} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8A26074E-D9A2-46A1-926B-2CD6439E0EB7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8B83154D-73CF-4435-ABEB-96C6214BD09D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8EFFED3C-9DA9-401D-AD9C-61FD3A63F98A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {8F0E5EFB-D820-4DEA-A1D5-8B6237FEBF7B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9CBBE4A7-E823-45D3-AEAB-E20865E1F264} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9D3DB79D-C891-41AE-B24E-32BE9900DA22} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {9F32AA2E-358A-4EC1-B044-761AA6BFFB94} - System32\Tasks\AutoPico Daily Restart => C:\Program
Task: {A2A7F146-C77A-4233-8C31-D192AF2D5591} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {AAB08C40-22FD-4126-84F4-86755786F394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {B16E35C8-ECC6-4B42-AA66-B1B9248E5478} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B2851EE3-BFA4-47A4-AFC2-114F3C194922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9CC01BC-768A-4946-AFDB-F6A551A40F00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9DF69B4-AE35-4B57-9B92-FFE592D550FE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BC1A3F70-620E-4779-85B3-7ECE889A1DDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {BCCF0E08-B171-4189-9247-F3E434294369} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {C08B53D2-E793-49B9-B320-3C1C4EFAE8CA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C3FD7451-62AC-4654-AF99-DAA95E98F41B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C6A099CD-5D34-4EDB-B614-CAF872E4E2F5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C7BA2836-6C8C-47F8-9A90-E43904B236AA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CAAAE44E-0401-4EDF-B01F-CC3DBA876ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {CCE0DFF5-D617-41DC-9762-FE8A6F2848C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CF10B885-BB90-4854-A23B-696EE3A726D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-10-06] (Microsoft Corporation)
Task: {CFC89B44-7826-4C50-B7A1-ECFE371E3767} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D5395A54-7A70-4614-94AA-D0CA988038E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E09D943B-BA56-45AA-B5DB-C91C66EB995D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E146F8D9-BEFB-4450-B673-D136F6ECDACE} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3EB8754-FFD1-4D73-942B-F8C7ACAB2F34} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F1774640-2B6A-43C5-9603-E8FA3AA41FA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F4F6A6FD-9D1A-44F0-8C26-8B298597FF54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F9245C66-BE0E-48CA-B1BD-81FCF68BE46F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-10-06] (Microsoft Corporation)
Task: {FB4F02EA-7AD0-46E6-9D4D-76E82CC953A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8c54ebfada4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfec34e7a76bd3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002672f1337.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04241b9fd81d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092e5d4782a0f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c00ad2e94d9a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e5527337fb41.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef9ff94fb37b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-22 16:27 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-06 17:21 - 2015-08-16 00:21 - 00162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-05-29 08:29 - 2015-05-29 08:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\FileZilla\fzshellext_64.dll
2016-04-26 11:02 - 2016-04-26 11:02 - 00959176 _____ () C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-12-22 16:12 - 2015-12-22 16:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-15 20:07 - 2016-04-15 20:07 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-29 12:13 - 2016-03-29 12:13 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 12:13 - 2016-03-29 12:13 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-05 14:16 - 2016-03-05 14:18 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 13:09 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00143296 _____ () C:\vlc\libvlc.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 02631616 _____ () C:\vlc\libvlccore.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-06 17:24 - 2015-10-06 17:25 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2015-10-06 17:24 - 2015-10-06 17:25 - 01065536 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-05-03 16:41 - 2016-05-03 16:41 - 22346936 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-05-03 16:41 - 2016-05-03 16:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-05-03 16:41 - 2016-05-03 16:41 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [144]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2013-11-23 20:35 - 00001374 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Spotify => "C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C0374123-E3D0-4A2A-AF23-FD7B330516D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{832DE091-A393-41A0-9069-16CED42A908F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A893F5F5-55BC-49CD-8F78-FF71C30B7FDB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{904775F6-6930-4E0C-BDAE-6404EED389C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{14A2FFDB-C0F0-447C-B3F5-5A8B2F8C5967}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2AD5F8A5-7AF9-4A1C-A165-0776151658BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8B056BF6-7F65-40EA-A595-381BCC2961AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{10B4D7B3-35E5-4BCB-9AF0-570C332970A6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{08F98417-32F4-4506-9A75-46379350B106}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{1C533923-8746-4213-AA9F-E8CB87B8FB54}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E981DB15-4E39-4BAD-987F-C4227C2BA066}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{25AF93FC-F6D1-4242-A385-DB3EC143D466}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{224F2EAB-9D65-48F8-B527-63AF3C0AAD06}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{4B89F019-378D-4CB6-AF92-2CB1E1BF3207}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9ECFE6F4-A7AD-4296-B3E7-254C8E0CB697}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23F69F7A-AFE4-41CC-AED3-FFDD201F5CAB}] => (Allow) LPort=1900
FirewallRules: [{53E576F4-684D-46C6-9AD8-E62974FB99FE}] => (Allow) LPort=2869
FirewallRules: [{04B2E412-4BC1-4D51-B629-6AB6A2708D43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{295DE74C-4A72-4955-8559-CA6D38EA6457}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [TCP Query User{1903870F-8668-4200-9D1B-3C30D813485A}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [UDP Query User{9F5C1EC9-68F2-424D-99B3-B7D370048090}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB4F2111-5868-48FB-BFB3-49AA9B1B7B16}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{99AE0AFB-72CD-4AB1-BFD7-28DB3E88CBF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{42F4F9E3-49D0-4D69-85C9-3DD660CA0258}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [UDP Query User{8ED785C4-8B67-48AB-9E1F-E9FB0E017845}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5C89C82A-ED44-4302-AADE-600262D3F135}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B3BA98C-6E3A-4CE5-9464-40DCE9710926}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{882E49E9-1721-48A8-B10B-EDD92CB1198A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D72B193E-DAA6-4947-B0DD-79B43E88826F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{60633C33-6005-4E69-8984-5F2785A192B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{E20DBD12-083A-4C7B-B048-62F51DC45532}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{4C65B3D6-E289-4DC8-A7A1-E03D336E0E43}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0263B9A6-98AB-4676-AF80-27916C59B382}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CC1AA41-6D1F-4258-8042-0969C72B17C3}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A71B376F-DC00-4E8A-9BC6-8093C38BBFF6}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAE79E6F-A72E-4A3A-8155-B528862C291D}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C326D4F1-8F94-4F87-8F5B-9317EE17B4E5}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC80BE6C-A741-45B4-A4A5-1879FEB76882}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{AE9EFAA9-1162-46C4-817D-9EEFF821368E}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{73783793-F380-43CB-A272-15E66D1134DE}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{8FB56B48-9C7F-47F5-B214-5EE0DF650E21}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{BB8FBFC3-E065-48F3-81DF-BFF4C15594D0}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{3DB49462-9751-401C-A35E-DF3ADE4EE293}] => (Allow) LPort=5357
FirewallRules: [{C7D4D1AD-7D2C-46FA-840D-077F4D87041D}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EC315F3-0EA3-4114-86CB-20666CF4E12D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A695BB64-DB01-4FD7-9369-1730B175811C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F56797FF-754A-4E09-87D9-98712FF563A4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{8B2C23A9-0B2F-4DD6-B977-95B3CBC2F30F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

==================== Wiederherstellungspunkte =========================

07-05-2016 13:25:51 Geplanter Prüfpunkt
09-05-2016 23:52:40 JRT Pre-Junkware Removal
15-05-2016 21:05:53 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/17/2016 01:40:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x4d8
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 01:40:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0xb94
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/16/2016 09:21:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x23f4
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/16/2016 08:27:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2460
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/16/2016 08:17:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x5f4
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/16/2016 08:17:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x934
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (05/15/2016 09:46:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0xca4
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/15/2016 09:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.16.20039.54196, Zeitstempel: 0x5728a6b1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x70db8c7a
ID des fehlerhaften Prozesses: 0x1f40
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3
Vollständiger Name des fehlerhaften Pakets: AcroRd32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcroRd32.exe5

Error: (05/15/2016 09:07:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (05/15/2016 08:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x8e8
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5


Systemfehler:
=============
Error: (05/17/2016 01:40:27 PM) (Source: DCOM) (EventID: 10005) (User: ANUKET)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (05/17/2016 01:40:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/17/2016 01:40:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (05/17/2016 01:40:08 PM) (Source: DCOM) (EventID: 10005) (User: ANUKET)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (05/17/2016 01:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/17/2016 01:40:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (05/17/2016 01:12:06 PM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (05/17/2016 01:12:04 PM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (05/17/2016 07:39:59 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (05/17/2016 07:39:57 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.


CodeIntegrity:
===================================
  Date: 2016-05-16 20:13:23.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-16 08:24:55.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 08:37:29.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:29.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:15.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 07:06:31.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 15:07:30.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 15:00:11.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 63%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1461.52 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 4570.11 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:394.66 GB) (Free:87.07 GB) NTFS
Drive d: (Recover) (Fixed) (Total:70 GB) (Free:40.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DA1342C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=394.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Logs von TDSS-Killer kommen in einer weiteren Antwort, da der Text sonst zu lang ist.

Librarios · 17.05.2016, 13:13

Code:

ATTFilter

13:48:45.0428 0x2068  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
13:49:14.0297 0x2068  ============================================================
13:49:14.0297 0x2068  Current date / time: 2016/05/17 13:49:14.0297
13:49:14.0297 0x2068  SystemInfo:
13:49:14.0297 0x2068  
13:49:14.0297 0x2068  OS Version: 10.0.10586 ServicePack: 0.0
13:49:14.0297 0x2068  Product type: Workstation
13:49:14.0297 0x2068  ComputerName: ANUKET
13:49:14.0297 0x2068  UserName: VanessaundUwe
13:49:14.0297 0x2068  Windows directory: C:\WINDOWS
13:49:14.0297 0x2068  System windows directory: C:\WINDOWS
13:49:14.0297 0x2068  Running under WOW64
13:49:14.0297 0x2068  Processor architecture: Intel x64
13:49:14.0297 0x2068  Number of processors: 4
13:49:14.0297 0x2068  Page size: 0x1000
13:49:14.0297 0x2068  Boot type: Normal boot
13:49:14.0297 0x2068  ============================================================
13:49:14.0760 0x2068  KLMD registered as C:\WINDOWS\system32\drivers\71936500.sys
13:49:15.0563 0x2068  System UUID: {B728DC93-CBC1-6E46-EFE9-2C2CA28C9DA2}
13:49:17.0265 0x2068  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:49:17.0265 0x2068  ============================================================
13:49:17.0265 0x2068  \Device\Harddisk0\DR0:
13:49:17.0281 0x2068  MBR partitions:
13:49:17.0281 0x2068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:49:17.0281 0x2068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x31553000
13:49:17.0281 0x2068  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x31585800, BlocksNum 0x8C00000
13:49:17.0281 0x2068  ============================================================
13:49:17.0296 0x2068  C: <-> \Device\Harddisk0\DR0\Partition2
13:49:17.0334 0x2068  D: <-> \Device\Harddisk0\DR0\Partition3
13:49:17.0334 0x2068  ============================================================
13:49:17.0350 0x2068  Initialize success
13:49:17.0350 0x2068  ============================================================
13:49:55.0612 0x22ec  ============================================================
13:49:55.0612 0x22ec  Scan started
13:49:55.0612 0x22ec  Mode: Manual; SigCheck; TDLFS; 
13:49:55.0612 0x22ec  ============================================================
13:49:55.0612 0x22ec  KSN ping started
13:49:59.0366 0x22ec  KSN ping finished: true
13:50:09.0513 0x22ec  ================ Scan system memory ========================
13:50:09.0513 0x22ec  System memory - ok
13:50:09.0513 0x22ec  ================ Scan services =============================
13:50:09.0746 0x22ec  [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
13:50:09.0946 0x22ec  1394ohci - ok
13:50:10.0015 0x22ec  [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
13:50:10.0069 0x22ec  3ware - ok
13:50:10.0169 0x22ec  [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
13:50:10.0385 0x22ec  ACPI - ok
13:50:10.0470 0x22ec  [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
13:50:10.0516 0x22ec  acpiex - ok
13:50:10.0572 0x22ec  [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
13:50:10.0619 0x22ec  acpipagr - ok
13:50:10.0688 0x22ec  [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
13:50:10.0734 0x22ec  AcpiPmi - ok
13:50:10.0772 0x22ec  [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
13:50:10.0819 0x22ec  acpitime - ok
13:50:10.0973 0x22ec  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:50:11.0004 0x22ec  AdobeARMservice - ok
13:50:11.0188 0x22ec  [ 6A050671F2C76FB48131F12786802807, 71B37A9CEAE5AB1B069FB010BC547E14445461885B74FA879E63F9F2DAF644A5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:50:11.0251 0x22ec  AdobeFlashPlayerUpdateSvc - ok
13:50:11.0389 0x22ec  [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
13:50:11.0577 0x22ec  ADP80XX - ok
13:50:11.0656 0x22ec  [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD             C:\WINDOWS\system32\drivers\afd.sys
13:50:11.0772 0x22ec  AFD - ok
13:50:11.0794 0x22ec  [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
13:50:11.0841 0x22ec  agp440 - ok
13:50:12.0072 0x22ec  [ C17171E63E84F5711DF23B8F1E7A100E, C2AFDDA0A1A502FAE6B51BD00FF5884F46A74D9AEC76856B32E82D244D14FA97 ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
13:50:12.0297 0x22ec  AGSService - ok
13:50:12.0328 0x22ec  [ 3DF7751D5DC6525E7DC6617FBB45054F, 8E6D4C809DB3B66E7558C4829E01F5C227EE614AC82F33FD99DCC629770D1BE3 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
13:50:12.0413 0x22ec  ahcache - ok
13:50:12.0460 0x22ec  [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
13:50:12.0513 0x22ec  AJRouter - ok
13:50:12.0560 0x22ec  [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG             C:\WINDOWS\System32\alg.exe
13:50:12.0613 0x22ec  ALG - ok
13:50:12.0644 0x22ec  [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
13:50:12.0697 0x22ec  AmdK8 - ok
13:50:12.0744 0x22ec  [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
13:50:12.0829 0x22ec  AmdPPM - ok
13:50:12.0876 0x22ec  [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
13:50:12.0914 0x22ec  amdsata - ok
13:50:12.0961 0x22ec  [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
13:50:13.0030 0x22ec  amdsbs - ok
13:50:13.0061 0x22ec  [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
13:50:13.0099 0x22ec  amdxata - ok
13:50:13.0161 0x22ec  [ 3BC90482A834F998C3B7A9C934A20342, D49765D1DCDE0D7FB2478D33BD28A3733ADA951C5AE7628A5E316F039A3AA0B1 ] AMPPAL          C:\WINDOWS\System32\drivers\AMPPAL.sys
13:50:13.0277 0x22ec  AMPPAL - ok
13:50:13.0330 0x22ec  [ 3BC90482A834F998C3B7A9C934A20342, D49765D1DCDE0D7FB2478D33BD28A3733ADA951C5AE7628A5E316F039A3AA0B1 ] AMPPALP         C:\WINDOWS\system32\DRIVERS\amppal.sys
13:50:13.0393 0x22ec  AMPPALP - ok
13:50:13.0478 0x22ec  [ ADFFD587A8CBDCEB0566521ACEF707DB, 17CF539B17FAAF4CC4306B6D2BBD36D80C93FB49A614293D7351A92445C6C1D0 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
13:50:13.0531 0x22ec  AppHostSvc - ok
13:50:13.0578 0x22ec  [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID           C:\WINDOWS\system32\drivers\appid.sys
13:50:13.0631 0x22ec  AppID - ok
13:50:13.0700 0x22ec  [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
13:50:13.0778 0x22ec  AppIDSvc - ok
13:50:13.0816 0x22ec  [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
13:50:13.0900 0x22ec  Appinfo - ok
13:50:13.0974 0x22ec  [ 610499A73DF3599608EBB6B3F9929052, A9CA49C4A39A825916AB3791090BCFC7044FDB6B2C3538E01F0CFBC2A9931152 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
13:50:14.0089 0x22ec  AppReadiness - ok
13:50:14.0251 0x22ec  [ 087FBBC026DCC0F693E91079B9901B7E, 544DEC1255923DBDC8351B6CE2220FBC9929F2FFE52C91062C23DE7734DA7A2F ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
13:50:14.0598 0x22ec  AppXSvc - ok
13:50:14.0657 0x22ec  [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
13:50:14.0704 0x22ec  arcsas - ok
13:50:14.0874 0x22ec  [ 00B0FDD484914F388B5441285FDE24CB, 90AA8A12BB235BFC3A924F0E23BCEE8742817E3BC5A85E49D8AF8B52E8158ECB ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:50:14.0940 0x22ec  aspnet_state - ok
13:50:14.0974 0x22ec  [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
13:50:15.0038 0x22ec  AsyncMac - ok
13:50:15.0059 0x22ec  [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
13:50:15.0106 0x22ec  atapi - ok
13:50:15.0159 0x22ec  [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
13:50:15.0243 0x22ec  AudioEndpointBuilder - ok
13:50:15.0375 0x22ec  [ 2A2C0983B6FE62F02E7183335B1F5C20, 07845269FE72894D31D3FC927EECE26333AE9A2149A995DA4AE007276B05C647 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
13:50:15.0582 0x22ec  Audiosrv - ok
13:50:15.0660 0x22ec  [ 50C3C62FFE6337E6E4F2F01CB07DF63C, CC9C7D2827E872F22A2A79D42195530F61DF6EA6A1C8F520E25DB35537574FAB ] AVP16.0.0       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
13:50:15.0714 0x22ec  AVP16.0.0 - ok
13:50:15.0782 0x22ec  [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
13:50:15.0867 0x22ec  AxInstSV - ok
13:50:15.0945 0x22ec  [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
13:50:16.0076 0x22ec  b06bdrv - ok
13:50:16.0107 0x22ec  [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
13:50:16.0154 0x22ec  BasicDisplay - ok
13:50:16.0176 0x22ec  [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
13:50:16.0223 0x22ec  BasicRender - ok
13:50:16.0254 0x22ec  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
13:50:16.0292 0x22ec  bcmfn - ok
13:50:16.0308 0x22ec  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
13:50:16.0355 0x22ec  bcmfn2 - ok
13:50:16.0408 0x22ec  [ F374C27099807E99A156953F8416D34A, D267B8CD837290F9FC6B4FFD2DB8F54867D808FB155698FC7713BCAB3AE475B5 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
13:50:16.0524 0x22ec  BDESVC - ok
13:50:16.0577 0x22ec  [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
13:50:16.0624 0x22ec  Beep - ok
13:50:16.0709 0x22ec  [ 37F5E2385CB4D10AB42186974B9C241A, D38FA2B8CE19AC32056060F04B04D031F1621C07528DEDCCD5A8C01AB0A35995 ] BFE             C:\WINDOWS\System32\bfe.dll
13:50:16.0909 0x22ec  BFE - ok
13:50:17.0057 0x22ec  [ 64582C924C48175D52AED0D0E64AB413, 75DC6BC01D26A4BABEDB8013F0C106780F0991CA63075798C7C24B66022F58E3 ] BITS            C:\WINDOWS\System32\qmgr.dll
13:50:17.0280 0x22ec  BITS - ok
13:50:17.0444 0x22ec  [ 55B0C8441DE7D91A819A39D0351154A2, EA39144C82DB7F48D12042ED12701932C9339DA9E9AF002B09FF5E8101BC6047 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
13:50:17.0543 0x22ec  Bluetooth Device Monitor - ok
13:50:17.0659 0x22ec  [ 7E262330DF0C4BE4ECE853B59B9CBE4C, 11397833838266425CB400B5A0F4379E1F23822D1E7BFBC898F7ABD88CC8DA9A ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
13:50:17.0797 0x22ec  Bluetooth Media Service - ok
13:50:17.0882 0x22ec  [ 8BF4B9956E13871A88A3810074E2E110, CB76A83C02904675A28E6E3C29FA6FC3969C1012B6528FF0B0A55036E2E73AF7 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
13:50:18.0013 0x22ec  Bluetooth OBEX Service - ok
13:50:18.0029 0x1f8c  Object required for P2P: [ 6A050671F2C76FB48131F12786802807 ] AdobeFlashPlayerUpdateSvc
13:50:18.0044 0x22ec  [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
13:50:18.0098 0x22ec  bowser - ok
13:50:18.0160 0x22ec  [ 492FB85E61768950CDD27C87AED6E8FA, 1BFF11D899581E406D1AB5F2C66C9D816161ECF4B81AAACCCA3663875E86C0A5 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
13:50:18.0298 0x22ec  BrokerInfrastructure - ok
13:50:18.0345 0x22ec  [ A617BE5E429A035A1CA8217C1B16F0BB, 197EE6C6EB22FF8A626540886F5A2163CC4CB177504C5423856F54BF01EB0FF1 ] Browser         C:\WINDOWS\System32\browser.dll
13:50:18.0399 0x22ec  Browser - ok
13:50:18.0446 0x22ec  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
13:50:18.0483 0x22ec  BthAvrcpTg - ok
13:50:18.0515 0x22ec  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
13:50:18.0577 0x22ec  BthHFEnum - ok
13:50:18.0599 0x22ec  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
13:50:18.0646 0x22ec  bthhfhid - ok
13:50:18.0703 0x22ec  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
13:50:18.0819 0x22ec  BthHFSrv - ok
13:50:18.0888 0x22ec  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
13:50:18.0935 0x22ec  BTHMODEM - ok
13:50:18.0966 0x22ec  [ 7A177E18AA6A6A6365E6351C2BF8EDAE, A35224A20014B1215A6824AE5E17B8869A775EA272EF7F25EAFFA18733F8D09D ] bthserv         C:\WINDOWS\system32\bthserv.dll
13:50:19.0019 0x22ec  bthserv - ok
13:50:19.0050 0x22ec  [ 270FBA230E78E25726D065A924589A72, 9D68C51B0A5F969CE2700F6CD9D98DE224D9D67F43D599F07BDCEC020C890E79 ] btmaux          C:\WINDOWS\system32\DRIVERS\btmaux.sys
13:50:19.0066 0x22ec  btmaux - detected UnsignedFile.Multi.Generic ( 1 )
13:50:21.0474 0x22ec  Detect skipped due to KSN trusted
13:50:21.0474 0x22ec  btmaux - ok
13:50:21.0537 0x22ec  [ 0010A54571F525A97EED8C091E96EAA9, 6BA69BD0BEAFAF0385C53E2FEB3C7E19DA797C4C732F60600243F2B79B6CDC64 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
13:50:21.0591 0x1f8c  Object send P2P result: true
13:50:21.0591 0x22ec  btmhsf - detected UnsignedFile.Multi.Generic ( 1 )
13:50:24.0972 0x22ec  Detect skipped due to KSN trusted
13:50:24.0972 0x22ec  btmhsf - ok
13:50:25.0057 0x22ec  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
13:50:25.0104 0x22ec  buttonconverter - ok
13:50:25.0173 0x22ec  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
13:50:25.0242 0x22ec  CapImg - ok
13:50:25.0289 0x22ec  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
13:50:25.0342 0x22ec  cdfs - ok
13:50:25.0404 0x22ec  [ 0A92DC116CFC7F6BE8167DD25CB925CC, 50CAC7BE14FF69B10C029E049F7C441A5572540F027F95F940B185C76C689409 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
13:50:25.0504 0x22ec  CDPSvc - ok
13:50:25.0542 0x22ec  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
13:50:25.0605 0x22ec  cdrom - ok
13:50:25.0658 0x22ec  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
13:50:25.0727 0x22ec  CertPropSvc - ok
13:50:25.0774 0x22ec  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
13:50:25.0827 0x22ec  circlass - ok
13:50:25.0890 0x22ec  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
13:50:25.0990 0x22ec  CLFS - ok
13:50:26.0274 0x22ec  [ 323DE48A358D07B81A8DB72057238359, 71854D2C40664493E05C0A7E4F0C7CC74ADA1A63EEC1D4FE32350F6AF8728243 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
13:50:26.0559 0x22ec  ClickToRunSvc - ok
13:50:26.0659 0x22ec  [ F7526C133AC265F283012E9CD751F873, 6AABDD92FD880F49F63C1CC478C3D8291AF670802CEC58B32730E7675D858D88 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
13:50:26.0775 0x22ec  ClipSVC - ok
13:50:26.0860 0x22ec  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
13:50:26.0912 0x22ec  CmBatt - ok
13:50:26.0974 0x22ec  [ B2A6D2A30E93B6F215F74AC7E1733C9C, 960299F7BF2501B46296EDEA050BF30313C17A9B785574B56B79C070BD1B6E1A ] cm_km           C:\WINDOWS\system32\DRIVERS\cm_km.sys
13:50:27.0041 0x22ec  cm_km - ok
13:50:27.0110 0x22ec  [ 3B866F8CB10719A5AF9E410B1B149714, B0A32B526290ED8E1DD93C70AB49DD417B82CA23D6B815163131247091D61DBA ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
13:50:27.0226 0x22ec  CNG - ok
13:50:27.0241 0x22ec  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
13:50:27.0291 0x22ec  cnghwassist - ok
13:50:27.0395 0x22ec  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
13:50:27.0442 0x22ec  CompositeBus - ok
13:50:27.0457 0x22ec  COMSysApp - ok
13:50:27.0490 0x22ec  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
13:50:27.0526 0x22ec  condrv - ok
13:50:27.0611 0x22ec  [ 86BE19C6A177AEB93302EA5C4FBE2D11, 5404AB84D270549B1A46574EBDC857525F71B117BE3BA0098FA0A696E56D5C39 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
13:50:27.0743 0x22ec  CoreMessagingRegistrar - ok
13:50:27.0892 0x22ec  [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
13:50:27.0974 0x22ec  cphs - ok
13:50:28.0027 0x22ec  [ 2CE0D74AED86A372997E9D77AE10B9F5, 1AFAA22C68FD0B81F73CE0EB763AD77AB97E78916752843A5056E1352F0FEA82 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
13:50:28.0096 0x22ec  CryptSvc - ok
13:50:28.0143 0x22ec  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam             C:\WINDOWS\system32\drivers\dam.sys
13:50:28.0174 0x22ec  dam - ok
13:50:28.0296 0x22ec  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
13:50:28.0459 0x22ec  DcomLaunch - ok
13:50:28.0528 0x22ec  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
13:50:28.0628 0x22ec  DcpSvc - ok
13:50:28.0697 0x22ec  [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
13:50:28.0860 0x22ec  defragsvc - ok
13:50:28.0929 0x22ec  [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
13:50:29.0045 0x22ec  DeviceAssociationService - ok
13:50:29.0100 0x22ec  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
13:50:29.0198 0x22ec  DeviceInstall - ok
13:50:29.0247 0x22ec  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
13:50:29.0278 0x22ec  DevQueryBroker - ok
13:50:29.0332 0x22ec  [ 935823F79CBEDB91637B63D37E3A5A36, BE9A46F1CA631B9252C71758901D55456DC3C143053003D9FA7D67811A1E5026 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
13:50:29.0399 0x22ec  Dfsc - ok
13:50:29.0447 0x22ec  [ BC319C065335B10A5AA5938A677A60D5, 6F32AF2A440E763DC2ADD06F3422DCF3285BDFA9E69E5C3CD67A10F039B2830F ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
13:50:29.0479 0x22ec  dg_ssudbus - ok
13:50:29.0563 0x22ec  [ 5841A361D28069DFC82E1E98040FDC3F, 3A48DB7ADE90654242CB54DAD07F5FF0CD5CABF372C50D5B2C4D7AED068986E1 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
13:50:29.0632 0x22ec  Dhcp - ok
13:50:29.0716 0x22ec  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
13:50:29.0779 0x22ec  diagnosticshub.standardcollector.service - ok
13:50:29.0933 0x22ec  [ 15D174719872A30F2FDD6B5B1B8BA5D9, B0E6FF6FC47B731C204F110D4B768231906B144B31F602ECE8EAC24D70BA880D ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
13:50:30.0157 0x22ec  DiagTrack - ok
13:50:30.0328 0x22ec  [ E085B7FF07EDBD8F5D2A32E447A23E9F, 6A3D14C3CF3A5325BBF758612428A8C44E8C659A108CDA938AF60D1F5EF4039E ] Disc Soft Lite Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
13:50:30.0475 0x22ec  Disc Soft Lite Bus Service - ok
13:50:30.0560 0x22ec  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\WINDOWS\system32\drivers\disk.sys
13:50:30.0614 0x22ec  disk - ok
13:50:30.0692 0x22ec  [ 49F069E2D22F33955A69D44DFD1B5179, 739C52C7B961BA683E8C7CCDB0E95423C17561B2F1F506BAE923DC53DB96B067 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
13:50:30.0797 0x22ec  DmEnrollmentSvc - ok
13:50:30.0830 0x22ec  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
13:50:30.0877 0x22ec  dmvsc - ok
13:50:30.0946 0x22ec  [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
13:50:31.0012 0x22ec  dmwappushservice - ok
13:50:31.0062 0x22ec  [ 5839A317C25F70979433E0905DFABB1B, 7F1CD50C77A33A10259D8A208A355BE7ECAFEA69F810AD908EF8878A792741AF ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
13:50:31.0146 0x22ec  Dnscache - ok
13:50:31.0231 0x22ec  [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
13:50:31.0347 0x22ec  dot3svc - ok
13:50:31.0394 0x22ec  [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS             C:\WINDOWS\system32\dps.dll
13:50:31.0447 0x22ec  DPS - ok
13:50:31.0494 0x22ec  [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud         C:\WINDOWS\System32\drivers\drmkaud.sys
13:50:31.0532 0x22ec  drmkaud - ok
13:50:31.0616 0x22ec  [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
13:50:31.0694 0x22ec  DsmSvc - ok
13:50:31.0763 0x22ec  [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
13:50:31.0817 0x22ec  DsSvc - ok
13:50:31.0864 0x22ec  [ 496C3C6BC3D930D0960C9E75AA30F4A7, 3FE0E86DA8C2C6A990BB2F1B92C22BD3483882B8D69FF8025BB68A199362C234 ] dtlitescsibus   C:\WINDOWS\System32\drivers\dtlitescsibus.sys
13:50:31.0895 0x22ec  dtlitescsibus - ok
13:50:32.0064 0x22ec  [ 48D8729FACC784900B831212AE56F824, 6AAE1E78B84D0C12B99BE050B787AA167E6BA0B5AA621BEE0DB5312A4771DA63 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
13:50:32.0342 0x22ec  DXGKrnl - ok
13:50:32.0390 0x22ec  [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
13:50:32.0452 0x22ec  Eaphost - ok
13:50:32.0783 0x22ec  [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
13:50:33.0220 0x22ec  ebdrv - ok
13:50:33.0283 0x22ec  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] EFS             C:\WINDOWS\System32\lsass.exe
13:50:33.0330 0x22ec  EFS - ok
13:50:33.0367 0x22ec  [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
13:50:33.0414 0x22ec  EhStorClass - ok
13:50:33.0446 0x22ec  [ 5B1EAAE3001A7A320C106FC3859F4111, 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
13:50:33.0483 0x22ec  EhStorTcgDrv - ok
13:50:33.0548 0x22ec  [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
13:50:33.0614 0x22ec  embeddedmode - ok
13:50:33.0668 0x22ec  [ 062152DD5B225518A991DFCD8536770C, 5C8EF4E0C7DE3B24387FF239A8D0CDA39C2376826F16EAFF09739A6C7EDA01E0 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
13:50:33.0768 0x22ec  EntAppSvc - ok
13:50:33.0783 0x22ec  [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
13:50:33.0830 0x22ec  ErrDev - ok
13:50:33.0868 0x22ec  [ 3B32CAA07D672F8A2E0DF5CB3A873F45, 09687E30FA5779C3593769D66CAEBED95C932746EDD6E83DABE3DCFD126AB5EC ] EsgScanner      C:\WINDOWS\system32\DRIVERS\EsgScanner.sys
13:50:33.0915 0x22ec  EsgScanner - ok
13:50:33.0999 0x22ec  [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem     C:\WINDOWS\system32\es.dll
13:50:34.0117 0x22ec  EventSystem - ok
13:50:34.0187 0x22ec  [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
13:50:34.0272 0x22ec  exfat - ok
13:50:34.0334 0x22ec  [ C330883C06E2D4CE4F6982F048265D37, 26044DE176056B7F5BF2A50A659243CFD7F25CFEE035B3A3C3165B3699872926 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
13:50:34.0419 0x22ec  fastfat - ok
13:50:34.0503 0x22ec  [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax             C:\WINDOWS\system32\fxssvc.exe
13:50:34.0635 0x22ec  Fax - ok
13:50:34.0673 0x22ec  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
13:50:34.0720 0x22ec  fdc - ok
13:50:34.0757 0x22ec  [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
13:50:34.0835 0x22ec  fdPHost - ok
13:50:34.0889 0x22ec  [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
13:50:34.0958 0x22ec  FDResPub - ok
13:50:34.0989 0x22ec  [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
13:50:35.0074 0x22ec  fhsvc - ok
13:50:35.0105 0x22ec  [ 8F2523C9D8F1448FF2156452AF60FA00, 1D39CA54F5F1E62385D9EC041F9445BDDCB63740859B9418AE904FDF3D8388ED ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
13:50:35.0174 0x22ec  FileCrypt - ok
13:50:35.0221 0x22ec  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
13:50:35.0259 0x22ec  FileInfo - ok
13:50:35.0290 0x22ec  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
13:50:35.0359 0x22ec  Filetrace - ok
13:50:35.0374 0x22ec  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
13:50:35.0437 0x22ec  flpydisk - ok
13:50:35.0475 0x22ec  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:50:35.0537 0x22ec  FltMgr - ok
13:50:35.0707 0x22ec  [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache       C:\WINDOWS\system32\FntCache.dll
13:50:35.0992 0x22ec  FontCache - ok
13:50:36.0140 0x22ec  [ E79DAC43A5E191FC4DDB04197A704BFA, 2FA6C8B5B2DFE66C05828E3F55DFD6268A8210E9BD083F2D09367AD59AF1C6C1 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:50:36.0177 0x22ec  FontCache3.0.0.0 - ok
13:50:36.0240 0x22ec  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
13:50:36.0278 0x22ec  FsDepends - ok
13:50:36.0309 0x22ec  [ 97E192AD3C00286CB02B9E76565EF38B, 47BEC132D1A425A49E0E023B94BA47E08B40304CD3DD8031F2E345CD1F14539C ] fspad_win764    C:\WINDOWS\system32\DRIVERS\fspad_win764.sys
13:50:36.0362 0x22ec  fspad_win764 - ok
13:50:36.0566 0x22ec  [ 41AEDA395F97B67CD997DDE048EB9F6D, D0369330D8FC2CFE7FBCA48055195EE2BD54E6A0E2A92A14E34B7136166BCC35 ] FspSvc          C:\Windows\System32\FspService.exe
13:50:36.0785 0x22ec  FspSvc - ok
13:50:36.0832 0x22ec  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:50:36.0884 0x22ec  Fs_Rec - ok
13:50:36.0964 0x22ec  [ 50DFE05C698E9B0A63D95E3D669A105C, 3A7D5AE4A01B90C2ECF22AD2783A84C2329EAB9BACFA5237A7DCC3DC5995A864 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
13:50:37.0084 0x22ec  fvevol - ok
13:50:37.0118 0x22ec  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
13:50:37.0164 0x22ec  gagp30kx - ok
13:50:37.0202 0x22ec  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
13:50:37.0249 0x22ec  gencounter - ok
13:50:37.0287 0x22ec  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
13:50:37.0318 0x22ec  genericusbfn - ok
13:50:37.0365 0x22ec  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
13:50:37.0418 0x22ec  GPIOClx0101 - ok
13:50:37.0550 0x22ec  [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
13:50:37.0809 0x22ec  gpsvc - ok
13:50:37.0866 0x22ec  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
13:50:37.0921 0x22ec  GpuEnergyDrv - ok
13:50:37.0990 0x22ec  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:50:38.0005 0x22ec  gupdate - ok
13:50:38.0021 0x22ec  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:50:38.0059 0x22ec  gupdatem - ok
13:50:38.0106 0x22ec  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
13:50:38.0159 0x22ec  HDAudBus - ok
13:50:38.0175 0x22ec  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
13:50:38.0222 0x22ec  HidBatt - ok
13:50:38.0255 0x22ec  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
13:50:38.0306 0x22ec  HidBth - ok
13:50:38.0322 0x22ec  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
13:50:38.0375 0x22ec  hidi2c - ok
13:50:38.0391 0x22ec  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
13:50:38.0438 0x22ec  hidinterrupt - ok
13:50:38.0460 0x22ec  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
13:50:38.0507 0x22ec  HidIr - ok
13:50:38.0538 0x22ec  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv         C:\WINDOWS\system32\hidserv.dll
13:50:38.0591 0x22ec  hidserv - ok
13:50:38.0623 0x22ec  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
13:50:38.0676 0x22ec  HidUsb - ok
13:50:38.0723 0x22ec  [ 7CEC266216126BC9A0E1072E1A7E5702, 6B2C0768C8F2590E65B9520D266C07D1A9D89B9E185CC359B0453F399836759F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
13:50:38.0823 0x22ec  HomeGroupListener - ok
13:50:38.0908 0x22ec  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
13:50:39.0024 0x22ec  HomeGroupProvider - ok
13:50:39.0093 0x22ec  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
13:50:39.0140 0x22ec  HpSAMD - ok
13:50:39.0240 0x22ec  [ 63C3F74DC398A1C1A77E39DFB9C312CA, 283A13899838B4313BFBC406E832042696C549640A1AB11E23C0B9E499289836 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
13:50:39.0396 0x22ec  HTTP - ok
13:50:39.0443 0x22ec  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
13:50:39.0481 0x22ec  hwpolicy - ok
13:50:39.0512 0x22ec  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
13:50:39.0559 0x22ec  hyperkbd - ok
13:50:39.0581 0x22ec  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
13:50:39.0628 0x22ec  i8042prt - ok
13:50:39.0665 0x22ec  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
13:50:39.0728 0x22ec  iai2c - ok
13:50:39.0766 0x22ec  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
13:50:39.0828 0x22ec  iaLPSS2i_I2C - ok
13:50:39.0844 0x22ec  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
13:50:39.0881 0x22ec  iaLPSSi_GPIO - ok
13:50:39.0897 0x22ec  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
13:50:39.0966 0x22ec  iaLPSSi_I2C - ok
13:50:40.0029 0x22ec  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
13:50:40.0144 0x22ec  iaStorAV - ok
13:50:40.0214 0x22ec  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
13:50:40.0298 0x22ec  iaStorV - ok
13:50:40.0345 0x22ec  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
13:50:40.0445 0x22ec  ibbus - ok
13:50:40.0530 0x22ec  [ DE9E40BAEE2E48FD1E3EB423074C014C, 33F0738F8E0C803C025E72401E9A3A5B54E5256BFF18CEE6D913EB65E8003D2B ] iBtFltCoex      C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys
13:50:40.0545 0x22ec  iBtFltCoex - detected UnsignedFile.Multi.Generic ( 1 )
13:50:43.0908 0x22ec  Detect skipped due to KSN trusted
13:50:43.0908 0x22ec  iBtFltCoex - ok
13:50:44.0008 0x22ec  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
13:50:44.0093 0x22ec  icssvc - ok
13:50:44.0108 0x22ec  IEEtwCollectorService - ok
13:50:44.0531 0x22ec  [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
13:50:45.0169 0x22ec  igfx - ok
13:50:45.0265 0x22ec  [ 95A03F67830FDCB950E70261128D540D, D052CB703500E2871CF51E015E444F2A99FA9A7579AC422104F0E411F6107BD0 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
13:50:45.0448 0x22ec  IKEEXT - ok
13:50:45.0506 0x22ec  [ CADDF0927DAC63EDAE48F5C35A61D87D, C46006461311B1563C1D149B9D60B202F30147265B9D93069B084D03A09D2BEC ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
13:50:45.0525 0x22ec  intaud_WaveExtensible - ok
13:50:45.0787 0x22ec  [ A5F7CEF8A939EBE270462EDEFD629F20, 889AB15BB3027C3350449776158579C9916F1CCA2B278FEB50E23D599366FDFA ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
13:50:46.0089 0x22ec  IntcAzAudAddService - ok
13:50:46.0133 0x22ec  [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
13:50:46.0211 0x22ec  IntcDAud - ok
13:50:46.0264 0x22ec  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
13:50:46.0295 0x22ec  intelide - ok
13:50:46.0333 0x22ec  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
13:50:46.0364 0x22ec  intelpep - ok
13:50:46.0411 0x22ec  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
13:50:46.0465 0x22ec  intelppm - ok
13:50:46.0496 0x22ec  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos           C:\WINDOWS\system32\drivers\ioqos.sys
13:50:46.0534 0x22ec  IoQos - ok
13:50:46.0565 0x22ec  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:50:46.0634 0x22ec  IpFilterDriver - ok
13:50:46.0734 0x22ec  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
13:50:46.0966 0x22ec  iphlpsvc - ok
13:50:46.0997 0x22ec  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
13:50:47.0050 0x22ec  IPMIDRV - ok
13:50:47.0097 0x22ec  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
13:50:47.0166 0x22ec  IPNAT - ok
13:50:47.0182 0x22ec  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
13:50:47.0235 0x22ec  IRENUM - ok
13:50:47.0282 0x22ec  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
13:50:47.0313 0x22ec  isapnp - ok
13:50:47.0367 0x22ec  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
13:50:47.0435 0x22b0  Object required for P2P: [ 323DE48A358D07B81A8DB72057238359 ] ClickToRunSvc
13:50:47.0451 0x22ec  iScsiPrt - ok
13:50:47.0483 0x22ec  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
13:50:47.0532 0x22ec  kbdclass - ok
13:50:47.0552 0x22ec  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
13:50:47.0583 0x22ec  kbdhid - ok
13:50:47.0598 0x22ec  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
13:50:47.0652 0x22ec  kdnic - ok
13:50:47.0683 0x22ec  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\WINDOWS\system32\lsass.exe
13:50:47.0736 0x22ec  KeyIso - ok
13:50:47.0799 0x22ec  [ BEE1682DA217A4AD46C36896769AA580, 4D853D78E459F7BFE4F4217FCAD47CDACFAC19C2F6CF8261FBAA46BDB387FFDC ] kl1             C:\WINDOWS\system32\DRIVERS\kl1.sys
13:50:47.0884 0x22ec  kl1 - ok
13:50:47.0915 0x22ec  [ 86F40D79CE80ACBE6BEBAC8CE89D75A0, 8B800425160D1AF3C32EF7B5CA794658EE09CD3EE782473D8D38E1C7706076B3 ] klbackupdisk    C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
13:50:47.0937 0x22ec  klbackupdisk - ok
13:50:47.0968 0x22ec  [ 2B4BC41223326FF440E2DB32B9239138, E95D5BB3388D6B219A4C175D5DA77CEB620A27A13F5AA4E7E2C05694B6E26947 ] klbackupflt     C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
13:50:47.0999 0x22ec  klbackupflt - ok
13:50:48.0037 0x22ec  [ 80D7529E1CF09261FADF55E69EFDA90B, 2FE5EC38866E12D78AE3F4AD8CF647BDED616E8A36D9D737F9B6564DDA4685E7 ] kldisk          C:\WINDOWS\system32\DRIVERS\kldisk.sys
13:50:48.0084 0x22ec  kldisk - ok
13:50:48.0100 0x22ec  [ E2097C8F18F1E8E3B7D09F12B51843A3, 0506A99BD0962AAE64692BD7F080DB080F8B678DC59685CF22830A47B486430C ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
13:50:48.0153 0x22ec  klelam - ok
13:50:48.0200 0x22ec  [ BACE50477C184A3AA0755702C23B8B27, 5708A1B7C22702AD2E5DD4491A911A51D2FB768E46857639C0C5D8736E487D0F ] klflt           C:\WINDOWS\system32\DRIVERS\klflt.sys
13:50:48.0238 0x22ec  klflt - ok
13:50:48.0284 0x22ec  [ 0698A6918DAF5B1710F5A5170C34FC03, 15CBA4089950812A5815D7517B6C25959A793A55A66F8AA6746618D42A849351 ] klhk            C:\WINDOWS\system32\DRIVERS\klhk.sys
13:50:48.0338 0x22ec  klhk - ok
13:50:48.0416 0x22ec  [ 3DC953B77F13031C7763464FC0AD1E71, B0142B8A9FB5889D7F76E16EA26F1EA9BC7F1770226CD139B3C932671EBD802B ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
13:50:48.0540 0x22ec  KLIF - ok
13:50:48.0556 0x22ec  [ E62321376344231F5F488758ACC6D553, 1155C1FDD5C95B05EABBD4268A7D3FFF050D0C0921B61226179C312605AB46C3 ] KLIM6           C:\WINDOWS\system32\DRIVERS\klim6.sys
13:50:48.0587 0x22ec  KLIM6 - ok
13:50:48.0656 0x22ec  [ DAE5768E6FD34A36E3B9D1AF1FCA682B, 24DA0B71E3B4AC0FABEE0BF687DF8D35283DBF808CA3AB6F86E72B37471F6B33 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
13:50:48.0687 0x22ec  klkbdflt - ok
13:50:48.0687 0x22ec  klkbdflt2 - ok
13:50:48.0718 0x22ec  [ FD47C92A63B6EADEA830BFA96C06EAEE, C15C39B6FA53CBD01A2F95243845C4B706B4229F8FFB75C7128819B9CEE5B2CB ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
13:50:48.0740 0x22ec  klmouflt - ok
13:50:48.0771 0x22ec  [ F610F5F17BC87D61EF8954CCD793BAE4, A77FE26B4A474FE799C3D569BDD7858319C57FC14C1BB43ECFAB1FDB19AF5DC6 ] klpd            C:\WINDOWS\system32\DRIVERS\klpd.sys
13:50:48.0803 0x22ec  klpd - ok
13:50:48.0840 0x22ec  [ 26D3895A519220E94D241A8858D40CD9, CBDE2B937D2897FC2F356F73D983023F7CBE3C9E8A2873877E5CAF40F3D9A680 ] klwfp           C:\WINDOWS\system32\DRIVERS\klwfp.sys
13:50:48.0872 0x22ec  klwfp - ok
13:50:48.0919 0x22ec  [ 91234D71CEED29F2DBA16942CABDCA4F, 5D71BAC86C33BC77EEBF1ECB8F372DFE631991E4C5F36EAF0C8C957150BD6D52 ] Klwtp           C:\WINDOWS\system32\DRIVERS\klwtp.sys
13:50:48.0972 0x22ec  Klwtp - ok
13:50:48.0988 0x22ec  [ 1686DE8288052316EFDD49EEA8929065, AD43D6ACCD8693BD76F218E1A4EE088BA061C1309A3E7DAA7EC94D875985D895 ] kneps           C:\WINDOWS\system32\DRIVERS\kneps.sys
13:50:49.0041 0x22ec  kneps - ok
13:50:49.0072 0x22ec  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
13:50:49.0104 0x22ec  KSecDD - ok
13:50:49.0157 0x22ec  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
13:50:49.0188 0x22ec  KSecPkg - ok
13:50:49.0219 0x22ec  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
13:50:49.0273 0x22ec  ksthunk - ok
13:50:49.0320 0x22ec  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
13:50:49.0442 0x22ec  KtmRm - ok
13:50:49.0459 0x22ec  [ 4E444F41E69BBE2E0BAE34D5DFCB5732, ACAEFB839CF7A3113D026B9A715994C3DFF8797D73B991253959EF606C4FBC00 ] L1C             C:\WINDOWS\System32\drivers\L1C63x64.sys
13:50:49.0506 0x22ec  L1C - ok
13:50:49.0575 0x22ec  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
13:50:49.0660 0x22ec  LanmanServer - ok
13:50:49.0745 0x22ec  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
13:50:49.0845 0x22ec  LanmanWorkstation - ok
13:50:49.0892 0x22ec  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
13:50:49.0961 0x22ec  lfsvc - ok
13:50:49.0992 0x22ec  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
13:50:50.0041 0x22ec  LicenseManager - ok
13:50:50.0077 0x22ec  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
13:50:50.0146 0x22ec  lltdio - ok
13:50:50.0193 0x22ec  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
13:50:50.0293 0x22ec  lltdsvc - ok
13:50:50.0346 0x22ec  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
13:50:50.0377 0x22ec  lmhosts - ok
13:50:50.0479 0x22ec  [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:50:50.0526 0x22ec  LMS - ok
13:50:50.0580 0x22ec  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
13:50:50.0627 0x22ec  LSI_SAS - ok
13:50:50.0649 0x22ec  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
13:50:50.0696 0x22ec  LSI_SAS2i - ok
13:50:50.0727 0x22ec  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
13:50:50.0780 0x22ec  LSI_SAS3i - ok
13:50:50.0796 0x22ec  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
13:50:50.0849 0x22ec  LSI_SSS - ok
13:50:50.0927 0x22b0  Object send P2P result: true
13:50:50.0927 0x22b0  Object required for P2P: [ 2619DC483579DB9FE804044C1ADFFD1A ] dam
13:50:50.0981 0x22ec  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM             C:\WINDOWS\System32\lsm.dll
13:50:51.0128 0x22ec  LSM - ok
13:50:51.0166 0x22ec  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
13:50:51.0228 0x22ec  luafv - ok
13:50:51.0282 0x22ec  [ 56B24B359838BE86B013C2CFD38BDFC4, 38EA2D320F0CD80E3654AA1A5CA1CCAB1CA5519A562EEE41DC2E5EDF47CEF3F4 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
13:50:51.0329 0x22ec  MapsBroker - ok
13:50:51.0380 0x22ec  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
13:50:51.0427 0x22ec  megasas - ok
13:50:51.0482 0x22ec  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
13:50:51.0598 0x22ec  megasr - ok
13:50:51.0646 0x22ec  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
13:50:51.0667 0x22ec  MEIx64 - ok
13:50:51.0698 0x22ec  [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
13:50:51.0751 0x22ec  MessagingService - ok
13:50:52.0130 0x22ec  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
13:50:52.0253 0x22ec  mlx4_bus - ok
13:50:52.0300 0x22ec  [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
13:50:52.0353 0x22ec  MMCSS - ok
13:50:52.0384 0x22ec  [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
13:50:52.0447 0x22ec  Modem - ok
13:50:52.0469 0x22ec  [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
13:50:52.0531 0x22ec  monitor - ok
13:50:52.0569 0x22ec  [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
13:50:52.0616 0x22ec  mouclass - ok
13:50:52.0632 0x22ec  [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
13:50:52.0685 0x22ec  mouhid - ok
13:50:52.0701 0x22ec  [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
13:50:52.0754 0x22ec  mountmgr - ok
13:50:52.0801 0x22ec  [ FC9A9C09B35A93F76A03D5E355FA862C, B7ED57B9D39D547BA2927FC5F02C2475BF131FDB8AD40FFDE72C966506756B56 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:50:52.0854 0x22ec  MozillaMaintenance - ok
13:50:52.0870 0x22ec  [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
13:50:52.0955 0x22ec  mpsdrv - ok
13:50:53.0071 0x22ec  [ 0B28F2ACE5103586D322AD98FAA01309, CE3053DEB6E452C6DCDFD371CF113EB0D740DED6C1C537CB749D1BE5E97FAB09 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
13:50:53.0202 0x22ec  MpsSvc - ok
13:50:53.0255 0x22ec  [ 2B9A1FF2450BAF7A795941BE471F16EF, DD213BACDAE4E3C4F89BFE54BCE77B2F66D12AA85949147AE8A31049876CAA3E ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
13:50:53.0333 0x22ec  MQAC - ok
13:50:53.0371 0x22ec  [ BF6CA7EA5ECD6CF72D3D76652A9B8280, 8EC031D0D8E75CB583B129CBA518701097697498621307108388FA05FBF604BB ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
13:50:53.0456 0x22ec  MRxDAV - ok
13:50:53.0518 0x22ec  [ 0B3B0C1D86050355676640488FA897D3, DBED9D6F7AAFB11F4C00C1F69DB7A887A3058E5FA66615A1640242439822B60C ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:50:53.0618 0x22ec  mrxsmb - ok
13:50:53.0656 0x22ec  [ 1A490555FD330CA2764D89191177C867, 1004AE2F80BEA9A6DBA3E6B5D2DDFA44FBA253F7137D60B000B094699DE1CB12 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
13:50:53.0757 0x22ec  mrxsmb10 - ok
13:50:53.0819 0x22ec  [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
13:50:53.0872 0x22ec  mrxsmb20 - ok
13:50:53.0935 0x22ec  [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
13:50:54.0008 0x22ec  MsBridge - ok
13:50:54.0077 0x22ec  [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
13:50:54.0140 0x22ec  MSDTC - ok
13:50:54.0178 0x22ec  [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:50:54.0225 0x22ec  Msfs - ok
13:50:54.0278 0x22ec  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
13:50:54.0309 0x22ec  msgpiowin32 - ok
13:50:54.0341 0x22ec  [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
13:50:54.0378 0x22ec  mshidkmdf - ok
13:50:54.0394 0x22ec  [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
13:50:54.0394 0x22b0  Object send P2P result: true
13:50:54.0425 0x22b0  Object required for P2P: [ 9A2A2F3C69B9A30B6E78536F6D258BAD ] iai2c
13:50:54.0463 0x22ec  mshidumdf - ok
13:50:54.0479 0x22ec  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
13:50:54.0525 0x22ec  msisadrv - ok
13:50:54.0579 0x22ec  [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
13:50:54.0641 0x22ec  MSiSCSI - ok
13:50:54.0664 0x22ec  msiserver - ok
13:50:54.0679 0x22ec  [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
13:50:54.0726 0x22ec  MSKSSRV - ok
13:50:54.0760 0x22ec  [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
13:50:54.0826 0x22ec  MsLldp - ok
13:50:54.0864 0x22ec  [ 30130E99810283026C5FA2F57A4BB488, 3CF97CC2F63A7CDEA19C8B2DD73EED161309A7C334FF80567C18423F2DA34249 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
13:50:54.0927 0x22ec  MSMQ - ok
13:50:54.0960 0x22ec  [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
13:50:55.0011 0x22ec  MSPCLOCK - ok
13:50:55.0043 0x22ec  [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
13:50:55.0096 0x22ec  MSPQM - ok
13:50:55.0143 0x22ec  [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
13:50:55.0228 0x22ec  MsRPC - ok
13:50:55.0243 0x22ec  [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
13:50:55.0281 0x22ec  mssmbios - ok
13:50:55.0312 0x22ec  [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
13:50:55.0364 0x22ec  MSTEE - ok
13:50:55.0381 0x22ec  [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
13:50:55.0428 0x22ec  MTConfig - ok
13:50:55.0443 0x22ec  [ 60F88248608315E13391C2F1C3B4473F, 99E8B74118A01FC281A1C6B323EFD1A8EA1997B81A013442205066F55327D555 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
13:50:55.0497 0x22ec  Mup - ok
13:50:55.0528 0x22ec  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
13:50:55.0566 0x22ec  mvumis - ok
13:50:55.0644 0x22ec  [ AA4CD20708B7E0412A5316D7E2875103, 4E60A0865B7656735F3AB34AF5FE48304138F47DE961D4D16661617D711DEBC0 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
13:50:55.0766 0x22ec  NativeWifiP - ok
13:50:55.0813 0x22ec  [ A340A4B27CC7DEDDF953B7E2C9699747, 4C5AB23BD0C69B17E9BD29CAFEDC100A6EFC78BAB645B007FCAE4318C459D345 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
13:50:55.0898 0x22ec  NcaSvc - ok
13:50:55.0945 0x22ec  [ 24146738C422814EEB2A98FF1FC5C6E1, 3C70C6768681CE63DED339822EFB36194037B987D92456B9E955061A3A3C63BC ] NcbService      C:\WINDOWS\System32\ncbservice.dll
13:50:56.0044 0x22ec  NcbService - ok
13:50:56.0082 0x22ec  [ 476466DC3AB2327E2DBFAEC11798E2EE, 9ACD74720664CF3F239601DF0BE80AC443AF0FBF666CBB8509169364FB22B95D ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
13:50:56.0198 0x22ec  NcdAutoSetup - ok
13:50:56.0245 0x22ec  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
13:50:56.0283 0x22ec  ndfltr - ok
13:50:56.0414 0x22ec  [ E582DA849A58524E645545FB68B6625D, B74E2CF078F6C575EFC4A2E4293D03FE6BA933307D656E0E57FFA17EF324948D ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
13:50:56.0575 0x22ec  NDIS - ok
13:50:56.0637 0x22ec  [ 202260E7CDD731A32AF62ABD1ABEE008, 0E019FAE09B2659CC3267756DB962CCD69172BA67E3288B491F7B455287A5392 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
13:50:56.0716 0x22ec  NdisCap - ok
13:50:56.0738 0x22ec  [ A1D473D0CF10561F29B58EA7C5412A92, 3DBFC1D769E03E30C87FF4F30A9B523A69A7E0CD4EB87F8A9ECE190FEB84C569 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
13:50:56.0818 0x22ec  NdisImPlatform - ok
13:50:56.0838 0x22ec  [ 1A0AE283B8DE6BB76412A0F8213D45AC, 91AFFDC7A9277EB59CD54021049BEA715078F90470B8A12F3E9F1386DF068D2D ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:50:56.0901 0x22ec  NdisTapi - ok
13:50:56.0954 0x22ec  [ A74EE2D2C0BFF5EC3A6185791868C4CA, A346320DEBEAE890575B4C6594FB3A3A9890A0E86881ADD8376E442282C88D38 ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
13:50:57.0023 0x22ec  Ndisuio - ok
13:50:57.0039 0x22ec  [ 32A9BD1342640D48AD85C8B3E812B984, B702B05A0180472139B35B105DD3B6B6F75AEDC9DD1EE342FB576259076455AE ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
13:50:57.0086 0x22ec  NdisVirtualBus - ok
13:50:57.0124 0x22ec  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
13:50:57.0219 0x22ec  NdisWan - ok
13:50:57.0240 0x22ec  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:50:57.0323 0x22ec  ndiswanlegacy - ok
13:50:57.0340 0x22ec  [ 50AEF8EF0064A91ABB08D858D039C9DE, 16F1CBE1EC3778D157CC054261068C8D7F8A72D85853CB70178F8DF81D238C8F ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
13:50:57.0402 0x22ec  ndproxy - ok
13:50:57.0424 0x22ec  [ D358DF634F52247CB43F0781218F4D6E, D375E9E681551467FC5F7AB2AC053C9F22AAC541C0BCBA57090211F45009342C ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
13:50:57.0503 0x22ec  Ndu - ok
13:50:57.0523 0x22ec  [ 026618ECF6C4BEBDCB7885D42EC0DBE4, 8E7E13361DCF8748FA3AD518B3DE0A3DCE932316EE32E5529E75785BC5395AD1 ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
13:50:57.0556 0x22ec  NetBIOS - ok
13:50:57.0603 0x22ec  [ F51C02D992A8D6BC5EC4D990F227D4C7, DBBDA422BFA82219403689637BE8D6B0D0A893895143E807FA5A007C166454CB ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
13:50:57.0672 0x22ec  NetBT - ok
13:50:57.0703 0x22ec  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] Netlogon        C:\WINDOWS\system32\lsass.exe
13:50:57.0741 0x22ec  Netlogon - ok
13:50:57.0825 0x22ec  [ 7FD4C3D32DAE890608F44074A3437CD8, 5B7D9E9AEE26896B818F3C5DBE4C96A33D43CE2CF7716B95AAB7203611C03BFE ] Netman          C:\WINDOWS\System32\netman.dll
13:50:57.0903 0x22b0  Object send P2P result: true
13:50:57.0903 0x22b0  Object required for P2P: [ 59A20F5AD9F4AE54098154359519408E ] iaLPSS2i_I2C
13:50:57.0926 0x22ec  Netman - ok
13:50:58.0026 0x22ec  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:58.0126 0x22ec  NetMsmqActivator - ok
13:50:58.0157 0x22ec  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:58.0189 0x22ec  NetPipeActivator - ok
13:50:58.0273 0x22ec  [ A059F75402710535A90A8D043674A514, E98536DF74A2B75FDBA6B866DC1909544292DFE5E14F984941470FBA6E8D810C ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
13:50:58.0405 0x22ec  netprofm - ok
13:50:58.0458 0x22ec  [ 9C6EE1DE9CF7B77FF550A737816EB6DB, 586D561E1A318778668D148B8367D1F7452E770D1743ED5F8EE6EAB03DB31916 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
13:50:58.0543 0x22ec  NetSetupSvc - ok
13:50:58.0574 0x22ec  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:58.0605 0x22ec  NetTcpActivator - ok
13:50:58.0643 0x22ec  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:58.0674 0x22ec  NetTcpPortSharing - ok
13:50:59.0520 0x22ec  [ 272BB8C52BE106B5CC69171AF1D281D4, 3D65A772C15440DF5895843185241D890CCDECA0E02DD6CF32CCB9B5849E31A4 ] NETwNs64        C:\WINDOWS\System32\drivers\Netwsw00.sys
13:51:01.0120 0x22ec  NETwNs64 - ok
13:51:01.0232 0x22ec  [ 0FB83658FBB2C5A18AB98C5C94DB9FAF, 2D15A49F47D8185D7914D26916D1237FCBE2F8351A64877CDDDDE26E766C3D2F ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
13:51:01.0333 0x22ec  NgcCtnrSvc - ok
13:51:01.0370 0x22b0  Object send P2P result: true
13:51:01.0386 0x22ec  [ 7AAA9916AA10F4B0E9743798A5BA6549, 2E38EEF3F487A7DD0B719A048FFA0EB36B2487A1068BB322553E9DD2FCE46711 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll

Da der Logfile nicht in einen Beitrag passt, hier der erste Teil. Der 2. Teil kommt gleich.

Librarios · 17.05.2016, 13:14

Code:

ATTFilter

13:51:01.0533 0x22ec  NgcSvc - ok
13:51:01.0602 0x22ec  [ 1B8F07B59F7DAE02264FB8A16088C467, 1795DA9F72C34A9F47D9AAF5E95D40C3296948EB89D9600679AB4660671A5C65 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
13:51:01.0718 0x22ec  NlaSvc - ok
13:51:01.0772 0x22ec  [ 465DC580170CD844206D7E3EF1DBF2A1, 5A14001029BE154C708CCA34449B280905DB79978FC7F0BE0CF20B20E47752CF ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
13:51:01.0834 0x22ec  Npfs - ok
13:51:01.0872 0x22ec  [ 29395C214D2CD4C81F73166AB988A797, 3631EB2EA17E455ECD151C0BC9A3DF6EC87C75B15DC9B607CFB68D7C463E04B7 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
13:51:01.0951 0x22ec  npsvctrig - ok
13:51:01.0971 0x22ec  [ AF8B7848E102A83AAECCD24B181CEBE5, B2AAE3567EE3A7975CDFCB3FE41D33C74D4486BFF35FF56E0516A01C744BA52B ] nsi             C:\WINDOWS\system32\nsisvc.dll
13:51:02.0020 0x22ec  nsi - ok
13:51:02.0035 0x22ec  [ 2871225495F832A8C8A7DD1A17EDB3DC, 2F6664C7F5FB2341B2AAF3C5A258FA0D7AEEE447562D7F39FD5A4EE905C18C6D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
13:51:02.0073 0x22ec  nsiproxy - ok
13:51:02.0274 0x22ec  [ 19BD8A88AAC580592668B070AC0727D9, 60DB84895C40E6412BEB2D0E4D7F05891446B9DE992D70579CC90BA3FB27FC01 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
13:51:02.0537 0x22ec  NTFS - ok
13:51:02.0574 0x22ec  [ 6DBD703320484C37CEA9E4E2D266A8CE, 85D6F73C0E3FDE16829C9BC0D13DD89E64183EAE02F84607F6B8440CB7F366E6 ] Null            C:\WINDOWS\system32\drivers\Null.sys
13:51:02.0621 0x22ec  Null - ok
13:51:03.0447 0x22ec  [ DF0BB2C179476D312B7BC0056CEC50A6, 64CC3201FA903E0EC9C99BE167C439C14A4C9AC2A88898B64789EEB381DB97B6 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
13:51:04.0583 0x22ec  nvlddmkm - ok
13:51:04.0639 0x22ec  [ 2328DC3622412EE112868645DA013075, 361A3D2FDE53F5EAF3068A64F7848020C62B256C3F08BE5F863544A0747DD2D6 ] nvpciflt        C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
13:51:04.0654 0x22ec  nvpciflt - ok
13:51:04.0701 0x22ec  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
13:51:04.0738 0x22ec  nvraid - ok
13:51:04.0770 0x22ec  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
13:51:04.0839 0x22ec  nvstor - ok
13:51:04.0955 0x22ec  [ DFCCA437717EACA8418F47992A41B39A, E587A629B894EE6A16AC414747D492FFC6B6E9F051B40F7D25F0D4406E2FF919 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
13:51:05.0102 0x22ec  nvsvc - ok
13:51:05.0340 0x22ec  [ 03AA7307C0D92D38D7AF90E181736B8D, 9484B09BDCC143C22A70C4C02CB619FB1C9922238C045B406620425F041A1920 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:51:05.0580 0x22ec  nvUpdatusService - ok
13:51:05.0623 0x22ec  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
13:51:05.0672 0x22ec  nv_agp - ok
13:51:05.0745 0x22ec  [ 7F3A0D052B8E00E730316210B1DD092F, 14BD026EA759F6C81ED6B4DBB04E0584B7F6456725503FC73CD4347B7743005F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
13:51:05.0845 0x22ec  OneSyncSvc - ok
13:51:06.0177 0x22ec  [ D21292345D9791CAFF94B960E574E206, 78961043FC24810D45E824320A682F037CC26D7FF7178F7ECB03C9A574BDD318 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:51:06.0231 0x22ec  ose - ok
13:51:06.0673 0x22ec  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:51:07.0403 0x22ec  osppsvc - ok
13:51:07.0500 0x22ec  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
13:51:07.0599 0x22ec  p2pimsvc - ok
13:51:07.0651 0x22ec  [ 4A5634915AF62C983E08425905D0C04C, 09BC3F7AD9F79C5FF59520933D06FE155AC21CD0ABAFE66B81C9F87D83A2339F ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
13:51:07.0767 0x22ec  p2psvc - ok
13:51:07.0835 0x22ec  [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
13:51:07.0882 0x22ec  Parport - ok
13:51:07.0920 0x22ec  [ 24AC0FD10325FBC2303B29A5F237AEB0, D94B26A36EBE4EFE8EA270FA6600811206830480BE953809F74FAB80628DF879 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
13:51:07.0967 0x22ec  partmgr - ok
13:51:08.0051 0x22ec  [ 0ECA2ADD5FBCE73183A68935C71B40B7, 08CC5F2F10D1DD1A1396CC29196314003491D3AF3DE59CADB281F252577F1860 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
13:51:08.0151 0x22ec  PcaSvc - ok
13:51:08.0204 0x22ec  [ CFFE69B6C276A3418687109EA8AC9E7D, A516B2F4BFB0CD8B38219E3BF783C0BD99CD9EA1BACBE2284987F6DC0976BD36 ] pci             C:\WINDOWS\system32\drivers\pci.sys
13:51:08.0283 0x22ec  pci - ok
13:51:08.0320 0x22ec  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
13:51:08.0367 0x22ec  pciide - ok
13:51:08.0405 0x22ec  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
13:51:08.0452 0x22ec  pcmcia - ok
13:51:08.0467 0x22ec  [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
13:51:08.0505 0x22ec  pcw - ok
13:51:08.0537 0x22ec  [ 67B9684B8272D5EBD1CCBB1DBD425EC8, 09BE2A2EB3A71E594D08B8D817820965DEEAD283029EBB0B74CCC658A2706233 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
13:51:08.0583 0x22ec  pdc - ok
13:51:08.0684 0x22ec  [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
13:51:08.0853 0x22ec  PEAUTH - ok
13:51:08.0903 0x22ec  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
13:51:08.0937 0x22ec  percsas2i - ok
13:51:08.0969 0x22ec  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
13:51:09.0022 0x22ec  percsas3i - ok
13:51:09.0168 0x22ec  [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
13:51:09.0222 0x22ec  PerfHost - ok
13:51:09.0338 0x22ec  [ 57606281E23B0F53347527691E947B2B, 7030182E706CEBE6BD52BDC71CA8F2230AD445AE6554188E76F09A5E2612BD2E ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
13:51:09.0506 0x22ec  PhoneSvc - ok
13:51:09.0538 0x22ec  [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
13:51:09.0623 0x22ec  PimIndexMaintenanceSvc - ok
13:51:10.0008 0x22ec  [ A546F72EFFE5CBBC98003A0CA19DA0F8, 89AE396676A37D851F46427E421E8E8ED5B4BADC33023F1E215CC352A4110F44 ] pla             C:\WINDOWS\system32\pla.dll
13:51:10.0302 0x22ec  pla - ok
13:51:10.0355 0x22ec  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
13:51:10.0440 0x22ec  PlugPlay - ok
13:51:10.0471 0x22ec  [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
13:51:10.0509 0x22ec  PNRPAutoReg - ok
13:51:10.0556 0x22ec  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
13:51:10.0672 0x22ec  PNRPsvc - ok
13:51:10.0740 0x22ec  [ 5A91C28F99043215121499257468C4BD, 816D2AEBA29B8A050747E01CE11EB12A05C1CDDF91835C44BBB6A7B9D348B15A ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
13:51:10.0856 0x22ec  PolicyAgent - ok
13:51:10.0908 0x22ec  [ AE3B1056FC1795F18D990C4908A6ECBF, 1C41F7714EBF54DF358D9B19D6AFE7281D3EABE20038B568A12031B76E1D50D9 ] Power           C:\WINDOWS\system32\umpo.dll
13:51:10.0972 0x22ec  Power - ok
13:51:11.0026 0x22ec  [ 5BA6B9AD03B81546BA64E488C4EF9D17, C43442577685FA1A7C32094B2F14FC92BA6B511FD9FDBA6FD82473A1B165FC61 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
13:51:11.0108 0x22ec  PptpMiniport - ok
13:51:11.0435 0x22ec  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
13:51:11.0869 0x22ec  PrintNotify - ok
13:51:12.0018 0x22ec  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor       C:\WINDOWS\System32\drivers\processr.sys
13:51:12.0072 0x22ec  Processor - ok
13:51:12.0134 0x22ec  [ 7E0078F1EFEB6F8F47CF85C1D73C7EBC, 831BC3CE72F29AD259DEE7121D6F785CE0A8462CFB69DD7FB1F3BDAF16CDBF3E ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
13:51:12.0219 0x22ec  ProfSvc - ok
13:51:12.0254 0x22ec  [ 596FB6C5A72F34B7566930985E543806, 870B43783DB4CF845FA72BC5E40CE76BE6DFC66FE9E9B4B0A52D6B7FE7EA65FC ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
13:51:12.0304 0x22ec  Psched - ok
13:51:12.0356 0x22ec  [ D8EB393983B644879DE0546122CC16DF, 4A11DDFB016B560E770660183AF1ADA4831D97DAEAF560E60259F81F2727CBFC ] ptun0901        C:\WINDOWS\System32\drivers\ptun0901.sys
13:51:12.0388 0x22ec  ptun0901 - ok
13:51:12.0457 0x22ec  [ E84F66BA185934C166F8DF0FA8F88455, 2E0380E98DA29B3F43FB3FE0E1ECA52B3C9AEF54CE982D5514F70FAE81758449 ] QWAVE           C:\WINDOWS\system32\qwave.dll
13:51:12.0556 0x22ec  QWAVE - ok
13:51:12.0604 0x22ec  [ CFBA9C976CBF6796E5DC39EF59984021, A1C956AD828FC70ED92D702516E0F88A4BDAF8C93C571D7CA20F1695FD8E70C2 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
13:51:12.0635 0x22ec  QWAVEdrv - ok
13:51:12.0657 0x22ec  [ 7B2AD8C55217B514C14281AB97B4E21D, A1E295897B864B9C0177FF1C502EB060084A1783C0E7E53636291F901C2E2AA8 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:51:12.0704 0x22ec  RasAcd - ok
13:51:12.0757 0x22ec  [ E15A9CE1E2E7D1C8DF97A4FC1FFE6289, 44B53418D6BC51ACC567CF6917A0981889B44AE420489C9C03F5A30418B37267 ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
13:51:12.0820 0x22ec  RasAgileVpn - ok
13:51:12.0873 0x22ec  [ D60BA4C76D194472D6602FF3D2D51ADE, 01272663897685C75FFBC3F1C0CFDB8D0E1A58182049E0B607D634536A8F6400 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
13:51:12.0955 0x22ec  RasAuto - ok
13:51:13.0005 0x22ec  [ E3C82823B22463BC38AA4F8ADA852624, FF601B117F4003E2CC65B6143C2A270331EB257EE82B3BC020247D1AB1CD625F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
13:51:13.0089 0x22ec  Rasl2tp - ok
13:51:13.0174 0x22ec  [ 3655D86C5E2982B131FC0935DE24F98F, 0386B31FECDDED77450609A807097B2307361CB59B236DEC41037BDC95897463 ] RasMan          C:\WINDOWS\System32\rasmans.dll
13:51:13.0337 0x22ec  RasMan - ok
13:51:13.0375 0x22ec  [ 3369023EB5790A75BA7DABA14B75D922, 36B63D5B74FDC932AAF1A876514024602D2F3EAF2CA33D1247CBA1E52FDB0418 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:51:13.0422 0x22ec  RasPppoe - ok
13:51:13.0475 0x22ec  [ 1E32A8CD65C4AD0A827CFEB13034DA29, 5D9A92E13020D994CCD39F701BACAFE2177A40A9CC89649441B91E3F3DECD911 ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
13:51:13.0537 0x22ec  RasSstp - ok
13:51:13.0591 0x22ec  [ 2B648363E4C5E34B469C58596F377DD9, 30F82770468BBA562CEA0E9E39B24ACEFBE022343D0180C82E2ACE8957B73E44 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:51:13.0691 0x22ec  rdbss - ok
13:51:13.0738 0x22ec  [ D0221C13960E274CC539D72D5A842ED0, A5A961506B9D7429D97D0635FD69E74736C0E8405487E1D22BB5CD978A60044C ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
13:51:13.0776 0x22ec  rdpbus - ok
13:51:13.0822 0x22ec  [ 1DC2CC74B51E4DC4CD5A20C1021E4010, 46B7D17EE27439F2191504D1C6F6C70B2540BD4F2261DBB1F4BE783BEA99B04C ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
13:51:13.0891 0x22ec  RDPDR - ok
13:51:13.0923 0x22ec  [ 177DF954D0DEC0465A380C75F6E7F65F, 6B30C78223029BD5DBA586BF961968F85762209BA55CD031460A215B20F93AB2 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
13:51:13.0960 0x22ec  RdpVideoMiniport - ok
13:51:14.0007 0x22ec  [ 5D1680871054D2B0B8A971BC8AB3B837, 9CAB0B2E3857829D34A82A78B120D07E292D4D5060168D964295EB23339B7DE7 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
13:51:14.0092 0x22ec  rdyboost - ok
13:51:14.0177 0x22ec  [ 341E6830DA70F65730300DAB4CB0B490, 341EC8DB5E39963EF89E726F08730AFB2356C3BAD71CCE9EECCAB4D9B31C4863 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
13:51:14.0308 0x22ec  ReFSv1 - ok
13:51:14.0408 0x22ec  [ 8355BCA85B0928382DFCDD02FCD1681A, F306F038DA09C8D2095C311818E2F991B55BCD96B40B95D2A53A60EA6AC37014 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
13:51:14.0561 0x22ec  RemoteAccess - ok
13:51:14.0624 0x22ec  [ 2C82F4DCABAB389CEBB1C9E86C715C9C, 70354621D3D467616A419A818C54D2C89EA013C5050BA9944E3A7A4F25CAD6BA ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
13:51:14.0709 0x22ec  RemoteRegistry - ok
13:51:14.0808 0x22ec  [ CFF943806EBAD5CFAC26FD3DF304E79F, 4992AFB7CE3E2117A11B97FD92ED2EC02183D461F89179B6EA42C8F5AC973374 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
13:51:15.0040 0x22ec  RetailDemo - ok
13:51:15.0109 0x22ec  [ 176D8470B15CD9080861594F9A33FA01, CFB66D7FEB9465985C2866D64EA03B7E7BE830DCF6C02B3FE2244D7F7E5343E2 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
13:51:15.0178 0x22ec  RpcEptMapper - ok
13:51:15.0241 0x22ec  [ 1A563653DAEDFE4CA81936E0D2FD8B56, 308B0DFEBA63333D407093C449A08ABFECE118C9274100809356BDAF7FA32EB6 ] RpcLocator      C:\WINDOWS\system32\locator.exe
13:51:15.0279 0x22ec  RpcLocator - ok
13:51:15.0363 0x22ec  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
13:51:15.0513 0x22ec  RpcSs - ok
13:51:15.0560 0x22ec  [ 0AC5FCDC29ED97ECDEF1276425EE2059, 8A12D1732D4AA18A9ED8416F4D4A49B81CE7C4C86ABCEE8FF28A16EA61993CFE ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
13:51:15.0629 0x22ec  rspndr - ok
13:51:15.0714 0x22ec  [ 3940780911A7BD1793B7CEEC9E4429C2, 539511D26D2EE348F80D9EFA414FD731983B14D8218E498217E7A0A0E439E41C ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
13:51:15.0792 0x22ec  RTSUER - ok
13:51:15.0846 0x22ec  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
13:51:15.0877 0x22ec  s3cap - ok
13:51:15.0930 0x22ec  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] SamSs           C:\WINDOWS\system32\lsass.exe
13:51:15.0977 0x22ec  SamSs - ok
13:51:16.0015 0x22ec  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
13:51:16.0062 0x22ec  sbp2port - ok
13:51:16.0131 0x22ec  [ 0C12493B333B96797AFC5F3C7831C051, BEE786D7ED14221B1A9450060597393AC44116D776B913E045B5F6066D720F74 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
13:51:16.0231 0x22ec  SCardSvr - ok
13:51:16.0262 0x22ec  [ 40110802D217FE1CB581D9A70B1FD16F, CCB920593CCC6663676039F3F731536DFEF535C3F715F6DB6F34D0D733BEF89B ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
13:51:16.0363 0x22ec  ScDeviceEnum - ok
13:51:16.0421 0x22ec  [ 9B6B1D4DB35A3D9BEAF023BC95E1F49D, CA44124CA3E9958FB77A891CD234A993B63E8AC6632AE801CDEC6666267E7C7E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
13:51:16.0468 0x22ec  scfilter - ok
13:51:16.0584 0x22ec  [ EA195B8BC11C1CDB313CFD456EFFA0E9, EEDF349C59ED0645B04040707906BB4496527243858C2A6BE46BE7029B4A7F37 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
13:51:16.0785 0x22ec  Schedule - ok
13:51:16.0854 0x22ec  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
13:51:16.0938 0x22ec  SCPolicySvc - ok
13:51:17.0001 0x22ec  [ B24408471C1BCB17FC44F5B47EA8DEA3, 1CFE07C793F2A3D883E9071B8703C01A7619C8C0A02AAEBAA1130F36654AFD4F ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
13:51:17.0085 0x22ec  sdbus - ok
13:51:17.0139 0x22ec  [ 811EC0B1221402FCED0BA37E112BF627, 366EB8AF04C603BED6CF53652CC937099B247D5DD8C58D699D0D8DA22F8FDD51 ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
13:51:17.0223 0x22ec  SDRSVC - ok
13:51:17.0255 0x22ec  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
13:51:17.0301 0x22ec  sdstor - ok
13:51:17.0339 0x22ec  [ EBD07BD20B5E0E92A398566EF8720F79, 8A88C861D4113B9938C32CBD28FD3D7F1C3133E700E23E17F5DFD7B26CCDA04A ] seclogon        C:\WINDOWS\system32\seclogon.dll
13:51:17.0402 0x22ec  seclogon - ok
13:51:17.0424 0x22ec  [ B7B9EEBCB7466338403A75D15AC120D7, B8F79DA71F8CD0F30983F7D92B625A431C212DD543DE2B3DC03EC5A68C41B00D ] SENS            C:\WINDOWS\System32\sens.dll
13:51:17.0502 0x22ec  SENS - ok
13:51:17.0640 0x22ec  [ D14DD7D766664F880FECF44CE6017966, ECF966E3ACF4EBD5A3259468A076619A539E35F1B97AB6A98FBD7882F1FBBBAB ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
13:51:17.0903 0x22ec  SensorDataService - ok
13:51:17.0972 0x22ec  [ 45D26646E3AD737E5DE3DB91CCCE7DBA, B05AB32700998C8347BC5797B18EB97F303FCB2302BED852348F2703DEDE72F9 ] SensorService   C:\WINDOWS\system32\SensorService.dll
13:51:18.0088 0x22ec  SensorService - ok
13:51:18.0156 0x22ec  [ 7363A65C738F5A5292D7BDBE55D8C3C2, C53C10A0AE58613DFCC91E62E004D9B188E4793C2A19B4BE871A705EEE77048E ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
13:51:18.0226 0x22ec  SensrSvc - ok
13:51:18.0272 0x22ec  [ 67585C295FF2D221679E376B68893B35, 4B5E9A8DA8C6F7B1F7129F80A0603503D467E5650306FB4C309977D74037E46B ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
13:51:18.0326 0x22ec  SerCx - ok
13:51:18.0388 0x22ec  [ B8C4852CBCAAC1374C08EC7445443824, DDE577A81B3E11B5B56096317BC47AA6E286573042407B96A9D29BE981F3FA4D ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
13:51:18.0442 0x22ec  SerCx2 - ok
13:51:18.0489 0x22ec  [ D3A103944A8FCD78FD48B2B19092790C, 252DB8395DA8639E748658D3BE7863C1700E27AA5C41BB700CFCE193FE3F04E9 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
13:51:18.0542 0x22ec  Serenum - ok
13:51:18.0573 0x22ec  [ 249A563C48DFD9E42A37587653E003BB, D022FAE2B7AC9D99B9F230A4DF0B045891588162587E1F468B5E05C8DA98AA9A ] Serial          C:\WINDOWS\System32\drivers\serial.sys
13:51:18.0627 0x22ec  Serial - ok
13:51:18.0673 0x22ec  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
13:51:18.0722 0x22ec  sermouse - ok
13:51:18.0821 0x22ec  [ CD90E445F6458512A5BA884D561EFCF1, E792FAB8AFF4126C1977024060842D788A06475139782896AFD7B39C85FCDF3F ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
13:51:18.0927 0x22ec  SessionEnv - ok
13:51:18.0959 0x22ec  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
13:51:19.0028 0x22ec  sfloppy - ok
13:51:19.0090 0x22ec  [ F8083C536BEDE61AFB4069D8A8C16DA7, 13AADAD7B5582911B8ABBE0CF7132CC517F7413A361CCF8ED502F803D061FFA3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
13:51:19.0206 0x22ec  SharedAccess - ok
13:51:19.0329 0x22ec  [ AE6E4D3172FBF45B944668CB3998B8A8, E7D7F98CB464C236A17069987F7B678D7688D9D577334151EF09DF5C6F22AFFC ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:51:19.0491 0x22ec  ShellHWDetection - ok
13:51:19.0545 0x22ec  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
13:51:19.0576 0x22ec  SiSRaid2 - ok
13:51:19.0607 0x22ec  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
13:51:19.0646 0x22ec  SiSRaid4 - ok
13:51:19.0708 0x22ec  [ B922D32039A3B5991E64429EC4EE52A9, 5EB7EB1F6D2C25F06044D8CA9F3BA0471FB40C8C96432BDC2C80CC36DC49BA0B ] smphost         C:\WINDOWS\System32\smphost.dll
13:51:19.0777 0x22ec  smphost - ok
13:51:19.0846 0x22ec  [ F07301C282AA222C33F8C28B4F545275, 2938943A3A62B33C8296DF3B57897D32293F5395A5E2A01C76B0160A98C12520 ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
13:51:20.0009 0x22ec  SmsRouter - ok
13:51:20.0078 0x22ec  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
13:51:20.0131 0x22ec  SNMPTRAP - ok
13:51:20.0229 0x22ec  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
13:51:20.0332 0x22ec  spaceport - ok
13:51:20.0363 0x22ec  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
13:51:20.0410 0x22ec  SpbCx - ok
13:51:20.0510 0x22ec  [ D1241DFC397FA8CCFB4BB4B63AAD31AC, F8C57C2F7CA8B6D8FEE1505A143A3FECF502C8DCFFC375F9C8848A87D9714C9E ] Spooler         C:\WINDOWS\System32\spoolsv.exe
13:51:20.0679 0x22ec  Spooler - ok
13:51:21.0231 0x22ec  [ 7C58AFEC26E9F7730A8AA7FD40225937, 546EAD8889F2A1BB6DCCB7781976B975F34DA1C9047F95FEAA52CF38EC60C6DD ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
13:51:22.0149 0x22ec  sppsvc - ok
13:51:22.0381 0x22ec  [ ACC1709EC7FE6EB8999DBC91C50C2B34, 83ABF51751A264291C53A32B86239A607361E56CB045CD2CBE6E41DBB8A01F54 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
13:51:22.0498 0x22ec  srv - ok
13:51:22.0551 0x22ec  [ AFBCFC946FAE7483E27BD316D03F94A5, CC9478EA717E85C38304957E923997821DFE2A995D7C8DF98C15267D952BEFBE ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
13:51:22.0682 0x22ec  srv2 - ok
13:51:22.0751 0x22ec  [ 107C1EBE79710E4A759449BD6604245A, 963D693F4E61EDC7B3AA9006CC274D56E577CE0035A61DDB2A6DE72116D5C52B ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
13:51:22.0836 0x22ec  srvnet - ok
13:51:22.0905 0x22ec  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
13:51:23.0052 0x22ec  SSDPSRV - ok
13:51:23.0128 0x22ec  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
13:51:23.0203 0x22ec  SstpSvc - ok
13:51:23.0255 0x22ec  [ 37680AECA1BF2D430719A297F68ECD49, 64E6A2C077316CE4807F2F480324F4011003686F698CCB0AA93C659DAAE1FAB5 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
13:51:23.0287 0x22ec  ssudmdm - ok
13:51:23.0419 0x22ec  [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
13:51:23.0519 0x22ec  ss_conn_service - ok
13:51:23.0794 0x22ec  [ 58863C57E4598C4F9DA967C5C36CFA5D, BB34FBC324E84E05128258CE3755241ECB63F7F2AE7F96716AC373931FAF92A8 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
13:51:24.0185 0x22ec  StateRepository - ok
13:51:24.0285 0x22ec  [ B7368B1BF6C20922DFEDF0A35F69EEEF, 818AC8059D55A6567286C4466A5DBE96AEE4A8F799098B59022FFCA85C99F3CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:51:24.0332 0x22ec  Stereo Service - ok
13:51:24.0369 0x22ec  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
13:51:24.0401 0x22ec  stexstor - ok
13:51:24.0448 0x22ec  [ 2834415C4EDD6CE35CB3CFEC50E08469, 28426616C709457DF38B5E2B4B9666C1255B81D2097589A95AAABD1BFACD302A ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
13:51:24.0501 0x22ec  StillCam - ok
13:51:24.0601 0x22ec  [ 75476CAA8FA0A4E573948CDE8C7F0304, 68C4405CACA77AEED71761875A9AF60BCFBDD39E356BEA1BA8226E099BAA5FA4 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
13:51:24.0733 0x22ec  stisvc - ok
13:51:24.0771 0x22ec  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
13:51:24.0817 0x22ec  storahci - ok
13:51:24.0871 0x22ec  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
13:51:24.0917 0x22ec  storflt - ok
13:51:24.0933 0x22ec  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
13:51:24.0986 0x22ec  stornvme - ok
13:51:25.0018 0x22ec  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
13:51:25.0087 0x22ec  storqosflt - ok
13:51:25.0171 0x22ec  [ FE42F8A07885E518ED1E846C93E4B78C, 264B21A5E07654F159A3E324F3B38A8C11AF619F61B5779A46367DD99EBD00A6 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
13:51:25.0319 0x22ec  StorSvc - ok
13:51:25.0350 0x22ec  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
13:51:25.0388 0x22ec  storufs - ok
13:51:25.0403 0x22ec  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
13:51:25.0450 0x22ec  storvsc - ok
13:51:25.0488 0x22ec  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc           C:\WINDOWS\system32\svsvc.dll
13:51:25.0550 0x22ec  svsvc - ok
13:51:25.0604 0x22ec  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
13:51:25.0651 0x22ec  swenum - ok
13:51:25.0773 0x22ec  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:51:25.0905 0x22ec  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
13:51:29.0274 0x22ec  Detect skipped due to KSN trusted
13:51:29.0274 0x22ec  SwitchBoard - ok
13:51:29.0362 0x22ec  [ 22E539A9B96C66A713583EC017562616, 210DA61DFC7AA9AD23277D9CC0239B781F4EABD322D0803AEC9434D68B81FABD ] swprv           C:\WINDOWS\System32\swprv.dll
13:51:29.0491 0x22ec  swprv - ok
13:51:29.0545 0x22ec  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
13:51:29.0592 0x22ec  Synth3dVsc - ok
13:51:29.0730 0x22ec  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain         C:\WINDOWS\system32\sysmain.dll
13:51:29.0946 0x22ec  SysMain - ok
13:51:30.0008 0x22ec  [ AF2C8D7C1D4DCFD5C31501F009DF42B7, 3DDF9353F014EE99B031BBC969620CA07647FBB8D78EB4697C8D633021B46B11 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
13:51:30.0139 0x22ec  SystemEventsBroker - ok
13:51:30.0188 0x22ec  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
13:51:30.0257 0x22ec  TabletInputService - ok
13:51:30.0304 0x22ec  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
13:51:30.0341 0x22ec  tap0901 - ok
13:51:30.0373 0x22ec  [ 3A7CABF7DE8F1325BE8F46685469AEC3, 03B2FDEA5E10B9584EFC4ED22D6C2529322FBEF0DFEC60FE12FCE5C4A2E42F9C ] taphss6         C:\WINDOWS\system32\DRIVERS\taphss6.sys
13:51:30.0404 0x22ec  taphss6 - ok
13:51:30.0442 0x22ec  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
13:51:30.0542 0x22ec  TapiSrv - ok
13:51:30.0589 0x22ec  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C ] tapoas          C:\WINDOWS\system32\DRIVERS\tapoas.sys
13:51:30.0642 0x22ec  tapoas - ok
13:51:30.0843 0x22ec  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
13:51:31.0174 0x22ec  Tcpip - ok
13:51:31.0382 0x22ec  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
13:51:31.0636 0x0450  Object required for P2P: [ 807A6636828E5F43C10A01474B8907EE ] MSDTC
13:51:31.0683 0x22ec  Tcpip6 - ok
13:51:31.0752 0x22ec  [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
13:51:31.0805 0x22ec  tcpipreg - ok
13:51:31.0868 0x22ec  [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
13:51:31.0921 0x22ec  tdx - ok
13:51:31.0952 0x22ec  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
13:51:32.0006 0x22ec  terminpt - ok
13:51:32.0106 0x22ec  [ 14307D4801C8CEF0A615907C09E886B3, C7F34C294D70DE689F673E0B5E9253B27EFEBBE6FA38B68B3B0B0374A896407E ] TermService     C:\WINDOWS\System32\termsrv.dll
13:51:32.0306 0x22ec  TermService - ok
13:51:32.0337 0x22ec  [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes          C:\WINDOWS\system32\themeservice.dll
13:51:32.0422 0x22ec  Themes - ok
13:51:32.0485 0x22ec  [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
13:51:32.0589 0x22ec  TieringEngineService - ok
13:51:32.0658 0x22ec  [ 82BC3D304654F8EBEFABDDC2AD70AFE3, 466334A46F6579E7C3F619B15243B270AACE9D04FE06E5228B4759FD619BDDD9 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
13:51:32.0812 0x22ec  tiledatamodelsvc - ok
13:51:32.0859 0x22ec  [ 7E81E3E0D7F83BFE3C3975020B6C7F12, 316F9415646CC7A4E9A5F1E07310D433457E623B3E589543E4A6C73C4F77712C ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
13:51:32.0944 0x22ec  TimeBroker - ok
13:51:33.0012 0x22ec  [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
13:51:33.0091 0x22ec  TPM - ok
13:51:33.0129 0x22ec  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\WINDOWS\System32\trkwks.dll
13:51:33.0213 0x22ec  TrkWks - ok
13:51:33.0291 0x22ec  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
13:51:33.0360 0x22ec  TrustedInstaller - ok
13:51:33.0411 0x22ec  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
13:51:33.0476 0x22ec  tsusbflt - ok
13:51:33.0514 0x22ec  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
13:51:33.0561 0x22ec  TsUsbGD - ok
13:51:33.0592 0x22ec  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
13:51:33.0677 0x22ec  tunnel - ok
13:51:33.0714 0x22ec  [ 56C238ACFE4CB020D3E38508249039EA, 172868080F07D98175229A02410FE751B5958ED5A3D567D4AE5736F4025DF432 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
13:51:33.0777 0x22ec  tzautoupdate - ok
13:51:33.0813 0x22ec  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
13:51:33.0846 0x22ec  uagp35 - ok
13:51:33.0915 0x22ec  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
13:51:33.0962 0x22ec  UASPStor - ok
13:51:33.0993 0x22ec  [ 82D3B1F4D80057826AA649D78147DE36, 344A738F6866BFD3095BB802206DDB2F9E9AD89DC39CAA7DE96455F410683829 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
13:51:34.0062 0x22ec  UcmCx0101 - ok
13:51:34.0077 0x22ec  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
13:51:34.0131 0x22ec  UcmUcsi - ok
13:51:34.0162 0x22ec  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
13:51:34.0231 0x22ec  Ucx01000 - ok
13:51:34.0262 0x22ec  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
13:51:34.0309 0x22ec  UdeCx - ok
13:51:34.0363 0x22ec  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
13:51:34.0479 0x22ec  udfs - ok
13:51:34.0494 0x22ec  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
13:51:34.0547 0x22ec  UEFI - ok
13:51:34.0594 0x22ec  [ 28B8E1C6CBCF9FFE2FABFF3160C26ADF, 1C90E6C4E17C9B5555151943970BB6CC196E7EFC6665D9B9DCBB1EC51C70C715 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
13:51:34.0664 0x22ec  Ufx01000 - ok
13:51:34.0695 0x22ec  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
13:51:34.0733 0x22ec  UfxChipidea - ok
13:51:34.0780 0x22ec  [ 2A87EA182EA333D79AA0B03833EA67F2, 227792A8B4E63CF60A3DEECF829448C8FD59A40DEF3F42414E432820F8D34F64 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
13:51:34.0817 0x22ec  ufxsynopsys - ok
13:51:34.0880 0x22ec  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
13:51:34.0949 0x22ec  UI0Detect - ok
13:51:34.0996 0x22ec  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
13:51:35.0049 0x22ec  uliagpkx - ok
13:51:35.0080 0x22ec  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
13:51:35.0096 0x0450  Object send P2P result: true
13:51:35.0149 0x0450  Object required for P2P: [ 7C58AFEC26E9F7730A8AA7FD40225937 ] sppsvc
13:51:35.0181 0x22ec  umbus - ok
13:51:35.0196 0x22ec  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
13:51:35.0273 0x22ec  UmPass - ok
13:51:35.0319 0x22ec  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
13:51:35.0397 0x22ec  UmRdpService - ok
13:51:35.0520 0x22ec  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
13:51:35.0699 0x22ec  UnistoreSvc - ok
13:51:36.0270 0x22ec  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:51:36.0539 0x22ec  UNS - ok
13:51:36.0624 0x22ec  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\WINDOWS\System32\upnphost.dll
13:51:36.0740 0x22ec  upnphost - ok
13:51:36.0787 0x22ec  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
13:51:36.0825 0x22ec  UrsChipidea - ok
13:51:36.0871 0x22ec  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
13:51:36.0940 0x22ec  UrsCx01000 - ok
13:51:36.0972 0x22ec  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
13:51:37.0019 0x22ec  UrsSynopsys - ok
13:51:37.0056 0x22ec  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
13:51:37.0125 0x22ec  usbccgp - ok
13:51:37.0157 0x22ec  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
13:51:37.0226 0x22ec  usbcir - ok
13:51:37.0288 0x22ec  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
13:51:37.0326 0x22ec  usbehci - ok
13:51:37.0388 0x22ec  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
13:51:37.0473 0x22ec  usbhub - ok
13:51:37.0527 0x22ec  [ E7463CE8579A0418A98BE9BE42C647D7, 923CD51C82FCF9DC4E9EEA99E53634EE07EBF62FB5DFC337F01309D7D5C7622C ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
13:51:37.0642 0x22ec  USBHUB3 - ok
13:51:37.0674 0x22ec  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
13:51:37.0727 0x22ec  usbohci - ok
13:51:37.0743 0x0450  Object send P2P result: true
13:51:37.0743 0x22ec  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
13:51:37.0790 0x22ec  usbprint - ok
13:51:37.0843 0x22ec  [ 4AAD6547953D373A1EB5B2DF583D868B, 4E3DCEC9644550996C314FCC39F885DDE4AA7AD821B8596D96C5BEA5D60795F7 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
13:51:37.0890 0x22ec  usbser - ok
13:51:37.0928 0x22ec  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
13:51:37.0974 0x22ec  USBSTOR - ok
13:51:38.0006 0x22ec  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
13:51:38.0043 0x22ec  usbuhci - ok
13:51:38.0106 0x22ec  [ 9E9D58F5E1702955B2F4D62996F80E8E, 6C21C250B9D98346D0D5CB7D6C11AB120A1D195C28313BDB0CE532663F0114E2 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
13:51:38.0175 0x22ec  USBXHCI - ok
13:51:38.0329 0x22ec  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
13:51:38.0576 0x22ec  UserDataSvc - ok
13:51:39.0162 0x22ec  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager     C:\WINDOWS\System32\usermgr.dll
13:51:39.0346 0x22ec  UserManager - ok
13:51:39.0426 0x22ec  [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc          C:\WINDOWS\system32\usocore.dll
13:51:39.0547 0x22ec  UsoSvc - ok
13:51:39.0578 0x22ec  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
13:51:39.0627 0x22ec  VaultSvc - ok
13:51:39.0678 0x22ec  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
13:51:39.0709 0x22ec  vdrvroot - ok
13:51:39.0810 0x22ec  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds             C:\WINDOWS\System32\vds.exe
13:51:39.0973 0x22ec  vds - ok
13:51:40.0020 0x22ec  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
13:51:40.0089 0x22ec  VerifierExt - ok
13:51:40.0174 0x22ec  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
13:51:40.0289 0x22ec  vhdmp - ok
13:51:40.0321 0x22ec  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
13:51:40.0358 0x22ec  vhf - ok
13:51:40.0390 0x22ec  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
13:51:40.0443 0x22ec  vmbus - ok
13:51:40.0459 0x22ec  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
13:51:40.0506 0x22ec  VMBusHID - ok
13:51:40.0590 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
13:51:40.0722 0x22ec  vmicguestinterface - ok
13:51:40.0775 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
13:51:40.0875 0x22ec  vmicheartbeat - ok
13:51:40.0922 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
13:51:41.0022 0x22ec  vmickvpexchange - ok
13:51:41.0091 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
13:51:41.0192 0x22ec  vmicrdv - ok
13:51:41.0245 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
13:51:41.0341 0x22ec  vmicshutdown - ok
13:51:41.0377 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
13:51:41.0477 0x22ec  vmictimesync - ok
13:51:41.0524 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession   C:\WINDOWS\System32\ICSvc.dll
13:51:41.0608 0x22ec  vmicvmsession - ok
13:51:41.0677 0x22ec  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
13:51:41.0746 0x22ec  vmicvss - ok
13:51:41.0809 0x22ec  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
13:51:41.0845 0x22ec  volmgr - ok
13:51:41.0878 0x22ec  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
13:51:41.0925 0x22ec  volmgrx - ok
13:51:41.0978 0x22ec  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
13:51:42.0047 0x22ec  volsnap - ok
13:51:42.0078 0x22ec  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
13:51:42.0109 0x22ec  vpci - ok
13:51:42.0147 0x22ec  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
13:51:42.0194 0x22ec  vsmraid - ok
13:51:42.0346 0x22ec  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS             C:\WINDOWS\system32\vssvc.exe
13:51:42.0595 0x22ec  VSS - ok
13:51:42.0698 0x22ec  [ 79F4D90FAA0ACC1866F2F3E03E39CA89, EE08BCBF29A7E4AFFF520B8DF067281425F433EC275F8C86CE8F20F000E92E3D ] vssbrigde64     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe
13:51:42.0729 0x22ec  vssbrigde64 - ok
13:51:42.0799 0x22ec  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
13:51:42.0868 0x22ec  VSTXRAID - ok
13:51:42.0915 0x22ec  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
13:51:42.0968 0x22ec  vwifibus - ok
13:51:42.0999 0x22ec  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
13:51:43.0068 0x22ec  vwififlt - ok
13:51:43.0115 0x22ec  [ 3BE5AAC930447FD18D4A8255A2FEC95C, A517357188FE4A5BD98A3CDB2165ACCE96CCE4BE2B90DDBEAF70B6DDF393F506 ] vwifimp         C:\WINDOWS\System32\drivers\vwifimp.sys
13:51:43.0225 0x22ec  vwifimp - ok
13:51:43.0294 0x22ec  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time         C:\WINDOWS\system32\w32time.dll
13:51:43.0441 0x22ec  W32Time - ok
13:51:43.0510 0x22ec  [ CDA9A00B16808D7A5BBB66287B89EE21, B25F98F26B0153E5DD5C744539CB6ACAFAA13E0F7B5D140C1844158B79BC9006 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
13:51:43.0561 0x22ec  w3logsvc - ok
13:51:43.0642 0x22ec  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] W3SVC           C:\WINDOWS\system32\inetsrv\iisw3adm.dll
13:51:43.0766 0x22ec  W3SVC - ok
13:51:43.0802 0x22ec  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
13:51:43.0845 0x22ec  WacomPen - ok
13:51:43.0912 0x22ec  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService   C:\WINDOWS\system32\WalletService.dll
13:51:44.0030 0x22ec  WalletService - ok
13:51:44.0061 0x22ec  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:51:44.0114 0x22ec  wanarp - ok
13:51:44.0130 0x22ec  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:51:44.0193 0x22ec  wanarpv6 - ok
13:51:44.0262 0x22ec  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
13:51:44.0362 0x22ec  WAS - ok
13:51:44.0537 0x22ec  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\WINDOWS\system32\wbengine.exe
13:51:44.0785 0x22ec  wbengine - ok
13:51:44.0870 0x22ec  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
13:51:45.0023 0x22ec  WbioSrvc - ok
13:51:45.0101 0x22ec  [ 0BF8D8C7EC9FB15D6480A12101E88B71, E7BC6A4E53D8C9D73BF83097DFE43ED8038B7BED0AE56E5AF7983F74562F15A3 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
13:51:45.0255 0x22ec  Wcmsvc - ok
13:51:45.0358 0x22ec  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
13:51:45.0474 0x22ec  wcncsvc - ok
13:51:45.0506 0x22ec  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
13:51:45.0559 0x22ec  WcsPlugInService - ok
13:51:45.0574 0x22ec  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
13:51:45.0627 0x22ec  WdBoot - ok
13:51:45.0744 0x22ec  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
13:51:45.0844 0x22ec  Wdf01000 - ok
13:51:45.0924 0x22ec  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
13:51:45.0993 0x22ec  WdFilter - ok
13:51:46.0044 0x22ec  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
13:51:46.0129 0x22ec  WdiServiceHost - ok
13:51:46.0144 0x22ec  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
13:51:46.0229 0x22ec  WdiSystemHost - ok
13:51:46.0307 0x22ec  [ 2BC2E99623119521EEF7910A11D0FDE0, 3F3E48A79534F0F65F961D9B170D534562E04901B630127B16DF02E6D42F2BBF ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
13:51:46.0447 0x22ec  wdiwifi - ok
13:51:46.0478 0x22ec  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
13:51:46.0532 0x22ec  WdNisDrv - ok
13:51:46.0547 0x22ec  WdNisSvc - ok
13:51:46.0602 0x22ec  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:51:46.0710 0x22ec  WebClient - ok
13:51:46.0763 0x22ec  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
13:51:46.0848 0x22ec  Wecsvc - ok
13:51:46.0879 0x22ec  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
13:51:46.0933 0x22ec  WEPHOSTSVC - ok
13:51:46.0980 0x22ec  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
13:51:47.0064 0x22ec  wercplsupport - ok
13:51:47.0111 0x22ec  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
13:51:47.0233 0x22ec  WerSvc - ok
13:51:47.0265 0x22ec  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
13:51:47.0333 0x22ec  WFPLWFS - ok
13:51:47.0365 0x22ec  [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
13:51:47.0412 0x22ec  WiaRpc - ok
13:51:47.0465 0x22ec  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
13:51:47.0496 0x22ec  WIMMount - ok
13:51:47.0512 0x22ec  WinDefend - ok
13:51:47.0581 0x22ec  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
13:51:47.0634 0x22ec  WindowsTrustedRT - ok
13:51:47.0650 0x22ec  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
13:51:47.0697 0x22ec  WindowsTrustedRTProxy - ok
13:51:47.0797 0x22ec  [ FFD04E8263FC9CDB89BAD8C27C337223, 7021161D354F1536DA261D001524B92301466631DCFA161A7C6355AAC86BBE40 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
13:51:47.0966 0x22ec  WinHttpAutoProxySvc - ok
13:51:48.0022 0x22ec  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
13:51:48.0053 0x22ec  WinMad - ok
13:51:48.0153 0x22ec  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:51:48.0240 0x22ec  Winmgmt - ok
13:51:48.0495 0x22ec  [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
13:51:48.0903 0x22ec  WinRM - ok
13:51:49.0079 0x22ec  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
13:51:49.0148 0x22ec  WINUSB - ok
13:51:49.0164 0x22ec  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
13:51:49.0232 0x22ec  WinVerbs - ok
13:51:49.0264 0x22ec  [ 2E1D1B7FED9042CDBAD4A053F7F86A44, DA32D1E01DFA6D7BEF10DFB014E62490BD35994628F93C1EC9F65735AD3F58C1 ] WiseFS          C:\Windows\WiseFs64.sys
13:51:49.0280 0x22ec  WiseFS - detected UnsignedFile.Multi.Generic ( 1 )
13:51:51.0666 0x22ec  Detect skipped due to KSN trusted
13:51:51.0666 0x22ec  WiseFS - ok
13:51:51.0765 0x22ec  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C, 235C7A41425846EFE4966490EB7F72AA768B3FE1665843BF58520DDBD6822A74 ] WisLMSvc        C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
13:51:51.0788 0x22ec  WisLMSvc - ok
13:51:51.0994 0x22ec  [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
13:51:52.0352 0x22ec  WlanSvc - ok
13:51:52.0537 0x22ec  [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
13:51:52.0878 0x22ec  wlidsvc - ok
13:51:52.0909 0x22ec  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
13:51:52.0962 0x22ec  WmiAcpi - ok
13:51:53.0025 0x22ec  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
13:51:53.0125 0x22ec  wmiApSrv - ok
13:51:53.0163 0x22ec  WMPNetworkSvc - ok
13:51:53.0210 0x22ec  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
13:51:53.0263 0x22ec  Wof - ok
13:51:53.0464 0x22ec  [ 4090C6738AA92B428220857B4D44F638, 4A3EE47494051E5BA8393F2AC8226EF434DA3AA1895CF4BADC9BC1BC378647C6 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
13:51:53.0764 0x22ec  workfolderssvc - ok
13:51:53.0811 0x22ec  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
13:51:53.0843 0x22ec  wpcfltr - ok
13:51:53.0896 0x22ec  [ 45FA01F8B7971ACB65202038E34D04A3, 9B2C2ABC7DB716295B0BD0AF04DA08E6B4200D7CF1C7DB59DD8FD8FEBD56D94C ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
13:51:53.0981 0x22ec  WPDBusEnum - ok
13:51:54.0012 0x22ec  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
13:51:54.0043 0x22ec  WpdUpFltr - ok
13:51:54.0112 0x22ec  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\WINDOWS\system32\WpnService.dll
13:51:54.0166 0x22ec  WpnService - ok
13:51:54.0197 0x22ec  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
13:51:54.0244 0x22ec  ws2ifsl - ok
13:51:54.0297 0x22ec  [ 9C17CF2D05F8DA5AC66880B6BEE64E7D, 8930079A1AFA97657BE567038EE57C988D3DE9A6C24EA46160E2974837082535 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
13:51:54.0382 0x22ec  wscsvc - ok
13:51:54.0397 0x22ec  WSearch - ok
13:51:54.0698 0x22ec  [ 6E04BBE242E2889B37300C4DF5CE1126, FBDAEAC62C48A4FC5EF412AE47FF10590AE83E8871412F76F6F9BAE910542DFA ] WSService       C:\WINDOWS\System32\WSService.dll
13:51:55.0124 0x22ec  WSService - ok
13:51:55.0457 0x22ec  [ 8A88DBA247BFF23BD284C2189F41FDA5, 86A617CB7C7473306DA2889AA30B488ABB9B824F7DCA31AA675DA6EB3974887C ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
13:51:55.0827 0x22ec  wuauserv - ok
13:51:55.0889 0x22ec  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
13:51:55.0942 0x22ec  WudfPf - ok
13:51:55.0974 0x22ec  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\WINDOWS\system32\drivers\WudfRd.sys
13:51:56.0058 0x22ec  WUDFRd - ok
13:51:56.0111 0x22ec  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
13:51:56.0175 0x22ec  wudfsvc - ok
13:51:56.0227 0x22ec  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:51:56.0290 0x22ec  WUDFWpdFs - ok
13:51:56.0327 0x22ec  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:51:56.0390 0x22ec  WUDFWpdMtp - ok
13:51:56.0528 0x22ec  [ 5DA95027DF2317174E8C39B4A8D1FCD8, 99B356411CB08B8BCCF2348DBF1FD5D4F417EA509D9C7CE23E5877C333F4D304 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
13:51:56.0744 0x22ec  WwanSvc - ok
13:51:56.0844 0x22ec  [ 5DFAF8BE5A3CABAABF6795BC09EB7876, 1AFD0BC50EA5C2CCB2874E97FE5205175C80849BD6C9BDAF9FBC49174D478997 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
13:51:57.0014 0x22ec  XblAuthManager - ok
13:51:57.0161 0x22ec  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
13:51:57.0393 0x22ec  XblGameSave - ok
13:51:57.0446 0x22ec  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
13:51:57.0546 0x22ec  xboxgip - ok
13:51:57.0662 0x22ec  [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
13:51:57.0863 0x22ec  XboxNetApiSvc - ok
13:51:57.0910 0x22ec  [ DA0807D87A62D076C29C4E30F1E84F46, CA3079350038091AEE04D4DA7C06865E9DB3095120AE61AAB575AA77E86A6223 ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
13:51:57.0963 0x22ec  xinputhid - ok
13:51:57.0963 0x22ec  ================ Scan global ===============================
13:51:58.0047 0x22ec  [ 82E25186617BA6C15010F0D47C705705, 5BF9E38918E6EAE86448137E2D120B80318AA1143CDDF539A2BFBEE227646816 ] C:\WINDOWS\system32\basesrv.dll
13:51:58.0117 0x22ec  [ E2899695BD30B5F93EC626EBBEF2CB69, B190D2903A109D2C146D881F90769060A0E971942F4AA61AEAD81861032D89C3 ] C:\WINDOWS\system32\winsrv.dll
13:51:58.0195 0x22ec  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\WINDOWS\system32\sxssrv.dll
13:51:58.0252 0x22ec  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\WINDOWS\system32\services.exe
13:51:58.0283 0x22ec  [ Global ] - ok
13:51:58.0283 0x22ec  ================ Scan MBR ==================================
13:51:58.0299 0x22ec  [ EB2571B16B316C9FE5AA1C4797FF61EE ] \Device\Harddisk0\DR0
13:52:03.0920 0x12b4  Object required for P2P: [ 34A3EB84B2A830E6F450B8F885AE4E6E ] SysMain
13:52:05.0223 0x22ec  \Device\Harddisk0\DR0 - ok
13:52:05.0223 0x22ec  ================ Scan VBR ==================================
13:52:05.0223 0x22ec  [ 6A903CA563214361E00BF5C5D5C3D2A6 ] \Device\Harddisk0\DR0\Partition1
13:52:05.0270 0x22ec  \Device\Harddisk0\DR0\Partition1 - ok
13:52:05.0286 0x22ec  [ 8B891B889BC9C16081C131209EBF0F77 ] \Device\Harddisk0\DR0\Partition2
13:52:05.0286 0x22ec  \Device\Harddisk0\DR0\Partition2 - ok
13:52:05.0323 0x22ec  [ 44A1A062C90E4C06B60942525CB5811B ] \Device\Harddisk0\DR0\Partition3
13:52:05.0323 0x22ec  \Device\Harddisk0\DR0\Partition3 - ok
13:52:05.0323 0x22ec  ================ Scan generic autorun ======================
13:52:05.0370 0x22ec  fspuip - ok
13:52:06.0284 0x22ec  [ 10E268B0D4AA2ECED79BE1A327A16A61, 460AF4A72F44F2EC3C726353BADA4294BB3736FA1131C83D9AFDCF1F318FD60F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
13:52:07.0398 0x12b4  Object send P2P result: true
13:52:07.0430 0x12b4  Object required for P2P: [ 4CF5A1E0C4FCA956ACD6C654E2A8610E ] VSS
13:52:07.0684 0x22ec  RTHDVCPL - ok
13:52:07.0901 0x22ec  [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
13:52:08.0147 0x22ec  RtHDVBg_Dolby - ok
13:52:08.0182 0x22ec  [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
13:52:08.0231 0x22ec  IgfxTray - ok
13:52:08.0278 0x22ec  [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
13:52:08.0357 0x22ec  HotKeysCmds - ok
13:52:08.0410 0x22ec  [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
13:52:08.0472 0x22ec  Persistence - ok
13:52:08.0573 0x22ec  [ 63B913AAB1244D8DED54CF0EFC8A56BD, 639830E9ECB004F09EA968EDF68C0037B5DFF7CCFF007DE5D11DEF2166707341 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
13:52:08.0642 0x22ec  AdobeAAMUpdater-1.0 - ok
13:52:08.0690 0x22ec  [ 9BE365E0380829A96B11237B91356CAF, 92E6858275354E1B455AE2EB11F8FDEBE00DB874083B2BD64CCB49B89301AAB0 ] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
13:52:08.0727 0x22ec  HotkeyApp - ok
13:52:08.0759 0x22ec  [ DFA1067EA4157BCCCFD48F052066A076, 5E5B60C20CFF1F3F9D45588B0E0AEB59C3F4C11089CCB52AA92890773BAA081F ] C:\Program Files (x86)\Launch Manager\OSD.exe
13:52:08.0828 0x22ec  LMgrVolOSD - ok
13:52:08.0859 0x22ec  [ 70CE12FE6D58F4E2DDDECC1FEDCFF96C, B1CADC4B8E7A3A6D27BF9FA227902F15305532FD3D180DAC2C512E4153A4BC39 ] C:\Program Files (x86)\Launch Manager\Wbutton.exe
13:52:08.0928 0x22ec  Wbutton - ok
13:52:08.0997 0x22ec  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
13:52:09.0028 0x22ec  HP Software Update - ok
13:52:09.0742 0x22ec  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:52:10.0552 0x22ec  OneDriveSetup - ok
13:52:10.0880 0x12b4  Object send P2P result: true
13:52:11.0161 0x22ec  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:52:11.0836 0x22ec  OneDriveSetup - ok
13:52:12.0451 0x22ec  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:52:13.0021 0x22ec  OneDriveSetup - ok
13:52:13.0052 0x22ec  Sidebar - ok
13:52:13.0137 0x22ec  [ CB396B37F21C205F00ACE39CF999295A, FD8CB2426D4B9F13480DD823F0479E75316F6486262E88E420398A2C7AB91F57 ] C:\Program Files (x86)\Windows Mail\wab.exe
13:52:13.0537 0x22ec  WAB Migrate - ok
13:52:13.0769 0x22ec  [ 8E3A4D64A060C5CAA90F3B0C15A7DFE9, 62CEE1449AF368A5FA16DDF9690526965C32979564CF66BD8B3BB534110A910C ] C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
13:52:13.0938 0x22ec  Spotify Web Helper - ok
13:52:14.0595 0x22ec  [ 79B65FCC2AC6169B0B898F2894C61221, 5D4801D5D3C8E60F02D93E07B0068471C37B7E25359786A868DBC391D9E4E9DD ] C:\Program Files\CCleaner\CCleaner64.exe
13:52:15.0493 0x22ec  CCleaner Monitoring - ok
13:52:15.0859 0x22ec  [ B98194D75819C598E4FD574F5AC67537, CE036D8141007D2FDF15879B3F5AA6C4E2A34A2B3ACD40970AC33C33FA6518AD ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe
13:52:16.0294 0x22ec  DAEMON Tools Lite Automount - ok
13:52:16.0598 0x22ec  [ F9387D080BF8566354CDB0445AB8F87B, 4EE5D4A15E2D3DF578FA0370449C0894166B1B2998B63D9F02A994845350B86A ] C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\OneDrive.exe
13:52:16.0665 0x22ec  OneDrive - ok
13:52:17.0203 0x22ec  [ 96C06D6C65559D1B7D6C5A62288725EE, 61CCCA9248742414AAE8973DF121CE2E7EC1385D219E3F3D306EAA3A2989C28C ] C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
13:52:18.0007 0x22ec  Spotify - ok
13:52:18.0370 0x22ec  [ EAD8BFF3BF75C7D0B28527303EA13933, 4832257495F3366202411545986611FB785C5480BC13CAFBFB877F78FF0DE9F5 ] C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe
13:52:18.0718 0x22ec  HP OfficeJet 3830 series (NET) - ok
13:52:18.0830 0x22ec  [ DC54B039458C66E12299ED2838E8175E, 94550869D7C3844198810DF121C670F0ED195D5C8FC9D56AD0D1B62C43834388 ] C:\ProgramData\class-3\class-47.exe
13:52:18.0984 0x22ec  class-2 - detected UnsignedFile.Multi.Generic ( 1 )
13:52:22.0585 0x22ec  class-2 ( UnsignedFile.Multi.Generic ) - warning
13:52:24.0771 0x1de8  Object required for P2P: [ 8E3A4D64A060C5CAA90F3B0C15A7DFE9 ] C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
13:52:25.0279 0x22ec  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
13:52:25.0433 0x22ec  Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 - ok
13:52:25.0480 0x22ec  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
13:52:25.0580 0x22ec  Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626 - ok
13:52:25.0634 0x22ec  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
13:52:25.0712 0x22ec  Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64 - ok
13:52:25.0765 0x22ec  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
13:52:25.0850 0x22ec  Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202 - ok
13:52:25.0897 0x22ec  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
13:52:25.0981 0x22ec  Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 - ok
13:52:26.0182 0x22ec  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
13:52:26.0267 0x22ec  Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127 - ok
13:52:26.0515 0x22ec  [ 53A997A49E1B38823EAEA2643B121356, 4BA2D1D7367515B976E04E800A8E1A2AA1D2378CDB8BD1AF42B020460F15915A ] C:\Users\VanessaundUwe\AppData\Roaming\bionics-3\bionics-53.exe
13:52:26.0637 0x22ec  bionics-5 - detected UnsignedFile.Multi.Generic ( 1 )
13:52:27.0262 0x1de8  Object send P2P result: true
13:52:27.0262 0x1de8  Object required for P2P: [ 79B65FCC2AC6169B0B898F2894C61221 ] C:\Program Files\CCleaner\CCleaner64.exe
13:52:29.0984 0x22ec  bionics-5 ( UnsignedFile.Multi.Generic ) - warning
13:52:30.0812 0x1de8  Object send P2P result: true
13:52:30.0812 0x1de8  Object required for P2P: [ 96C06D6C65559D1B7D6C5A62288725EE ] C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
13:52:31.0770 0x1668  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
13:52:34.0235 0x1668  Object send P2P result: true
13:52:34.0235 0x1668  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
13:52:34.0382 0x1de8  Object send P2P result: true
13:52:36.0694 0x1668  Object send P2P result: true
13:52:36.0694 0x1668  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
13:52:40.0161 0x1668  Object send P2P result: true
13:52:40.0161 0x1668  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
13:52:42.0366 0x22ec  Waiting for KSN requests completion. In queue: 3
13:52:43.0377 0x22ec  Waiting for KSN requests completion. In queue: 3
13:52:43.0625 0x1668  Object send P2P result: true
13:52:43.0625 0x1668  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
13:52:44.0380 0x22ec  Waiting for KSN requests completion. In queue: 2
13:52:45.0389 0x22ec  Waiting for KSN requests completion. In queue: 2
13:52:46.0393 0x22ec  Waiting for KSN requests completion. In queue: 2
13:52:47.0082 0x1668  Object send P2P result: true
13:52:47.0082 0x1668  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\WINDOWS\system32\cmd.exe
13:52:47.0401 0x22ec  Waiting for KSN requests completion. In queue: 1
13:52:48.0414 0x22ec  Waiting for KSN requests completion. In queue: 1
13:52:49.0415 0x22ec  Waiting for KSN requests completion. In queue: 1
13:52:50.0430 0x22ec  Waiting for KSN requests completion. In queue: 1
13:52:50.0546 0x1668  Object send P2P result: true
13:52:51.0631 0x22ec  AV detected via SS2: Kaspersky Anti-Virus, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41000 ( enabled : updated )
13:52:51.0663 0x22ec  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
13:52:51.0678 0x22ec  FW detected via SS2: Kaspersky Anti-Virus, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x40010 ( disabled )
13:52:51.0709 0x22ec  Win FW state via NFP2: enabled ( trusted )
13:53:04.0085 0x22ec  ============================================================
13:53:04.0085 0x22ec  Scan finished
13:53:04.0085 0x22ec  ============================================================
13:53:04.0100 0x2a44  Detected object count: 2
13:53:04.0100 0x2a44  Actual detected object count: 2
13:54:57.0320 0x2a44  class-2 ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:57.0320 0x2a44  class-2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:54:57.0320 0x2a44  bionics-5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:57.0320 0x2a44  bionics-5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:57:03.0809 0x0e20  Deinitialize success

M-K-D-B · 17.05.2016, 13:21

Servus,

du bist mit einem Banking-Trojaner infiziert.
Bis wir mit der Bereinigung fertig sind, bitte keine Online-Geschäfte mehr ausführen.

Du hast da mindestens eine illegale/gecrackte Software auf deinem Rechner:
Adobe Photoshop

Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter, wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Librarios · 17.05.2016, 14:15

Hallo Matthias,

sorry, ein Bekannter hatte mir das mal installiert. Habe Photoshop nun entfernt. Soll ich als Beweis noch irgendwelche neuen Logfiles erstellen und posten?

BG Librarios

M-K-D-B · 17.05.2016, 20:27

Servus,

bitte FRST nochmal zur Kontrolle:

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Librarios · 17.05.2016, 20:52

Hallo Matthias,

anbei die neuen Logfiles:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (Administrator) auf ANUKET (17-05-2016 21:44:15)
Gestartet von C:\Users\VanessaundUwe\Desktop
Geladene Profile: UpdatusUser & VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
konnte nicht auf den Prozess zugreifen -> obexsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\wmi64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3753016 2016-05-12] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify Web Helper] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [adhesion-5] => C:\ProgramData\adhesion-8\adhesion-26.exe [611416 2016-05-17] (InSoft)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Winlogon: [Shell] C:\ProgramData\hardness-79\hardness-27.exe -5,explorer.exe <==== ACHTUNG
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  Keine Datei
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Keine Datei)
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meson-4.lnk [2016-05-17]
ShortcutTarget: meson-4.lnk -> C:\Users\VanessaundUwe\AppData\Roaming\meson-0\meson-2.exe (ReGet Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8f5df9ee-db20-4d5f-824a-44184399e846}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2663113073-2047370837-3390539344-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Keine Datei]
FF Extension: Ebay Toolbar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\extensions\FFEbayShoppingToolbar@wangtom.com [2015-07-22]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-04-28]
FF Extension: Avira Browser Safety - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\abs@avira.com [2016-05-13]
FF Extension: ADB Helper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\adbhelper@mozilla.org [2016-02-06]
FF Extension: Pin It button - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-01-07]
FF Extension: OmniSidebar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\osb@quicksaver.xpi [2016-03-01]
FF Extension: Avira SafeSearch - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\safesearch@avira.com.xpi [2016-02-25]
FF Extension: eBay for Firefox - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-05-03]
FF Extension: ColorZilla - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05]
FF Extension: Video DownloadHelper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: web_clipper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [51712 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274944 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-05-30] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-11] ()
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-03-23] (Intel Corporation) [Datei ist nicht signiert]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-04-28] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-04-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 21:40 - 2016-05-17 21:40 - 00000000 ____D C:\ProgramData\adhesion-8
2016-05-17 20:36 - 2016-05-17 20:36 - 00001132 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-05-17 20:36 - 2016-05-17 20:36 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-05-17 20:35 - 2016-05-17 20:35 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-05-17 20:32 - 2016-05-17 20:33 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\OpenOffice 4.1.2 (de) Installation Files
2016-05-17 16:23 - 2016-05-17 16:23 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\meson-0
2016-05-17 16:20 - 2016-05-17 16:21 - 00000352 _____ C:\Users\VanessaundUwe\Desktop\Einkaufen.txt
2016-05-17 16:20 - 2016-05-17 16:20 - 00000000 ____D C:\ProgramData\hardness-79
2016-05-17 16:14 - 2016-05-17 16:16 - 164803434 _____ C:\Users\VanessaundUwe\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_de.exe
2016-05-17 15:53 - 2016-05-17 15:56 - 29304579 _____ C:\Users\VanessaundUwe\Downloads\Romantic Homes - June 2016.pdf
2016-05-17 14:46 - 2016-05-17 14:50 - 36147071 _____ C:\Users\VanessaundUwe\Downloads\Self - June 2016.pdf
2016-05-17 14:00 - 2016-05-17 14:00 - 00279624 _____ C:\Users\VanessaundUwe\Desktop\TDSSKiller.txt
2016-05-17 13:48 - 2016-05-17 13:57 - 00279624 _____ C:\TDSSKiller.3.1.0.9_17.05.2016_13.48.45_log.txt
2016-05-17 13:47 - 2016-05-17 13:47 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\VanessaundUwe\Desktop\tdsskiller.exe
2016-05-17 13:43 - 2016-05-17 13:59 - 00049616 _____ C:\Users\VanessaundUwe\Desktop\Addition.txt
2016-05-17 13:40 - 2016-05-17 21:44 - 00024138 _____ C:\Users\VanessaundUwe\Desktop\FRST.txt
2016-05-17 13:38 - 2016-05-17 13:40 - 21043711 _____ C:\Users\VanessaundUwe\Downloads\Clean Eating - June 2016.pdf
2016-05-17 13:20 - 2016-05-17 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\bionics-3
2016-05-17 07:48 - 2016-05-17 08:07 - 89593854 _____ C:\Users\VanessaundUwe\Downloads\Vegetarian Times - June 2016.pdf
2016-05-16 09:01 - 2016-05-16 09:02 - 02382336 _____ (Farbar) C:\Users\VanessaundUwe\Desktop\FRST64.exe
2016-05-16 08:19 - 2016-05-16 20:16 - 00000000 ____D C:\ProgramData\ampere-61
2016-05-14 21:27 - 2016-05-15 20:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\tempco-19
2016-05-14 10:37 - 2016-05-14 10:37 - 00000000 ___HD C:\OneDriveTemp
2016-05-12 09:38 - 2016-05-12 09:38 - 00005012 _____ C:\Users\VanessaundUwe\Documents\cc_20160512_093824.reg
2016-05-12 08:25 - 2016-05-12 08:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-05-12 08:25 - 2016-05-12 08:25 - 00001216 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-05-12 07:58 - 2016-05-12 08:28 - 00000000 ____D C:\ProgramData\lvecl-80
2016-05-11 17:37 - 2016-05-11 17:37 - 00000000 _____ C:\autoexec.bat
2016-05-11 17:36 - 2016-05-11 17:36 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-11 13:10 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 13:10 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 13:10 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 13:10 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 13:10 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 13:10 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 13:09 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 13:09 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 13:09 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 13:09 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 13:08 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 13:08 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 13:08 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 13:08 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 13:08 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 13:08 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 13:08 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 13:08 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 13:08 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 13:08 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 13:08 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 13:08 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 13:08 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 13:08 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 13:08 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 13:08 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 13:08 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 13:07 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 13:07 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 13:07 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 13:07 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 13:07 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 13:07 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 13:07 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 13:07 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 13:07 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 13:07 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 13:07 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 13:07 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 13:07 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 13:07 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 13:07 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 13:07 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 13:07 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 13:07 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 13:07 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 13:07 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 13:07 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 13:07 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 13:07 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 13:07 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 13:07 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 13:07 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 00:01 - 2016-05-17 21:44 - 00000000 ____D C:\FRST
2016-05-09 22:54 - 2016-05-09 22:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 22:54 - 2016-05-09 22:54 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-07 18:11 - 2016-05-09 11:23 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\taper-46
2016-05-07 10:44 - 2016-05-07 10:44 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\dvdcss
2016-05-06 17:29 - 2016-05-09 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-03 13:33 - 2016-05-03 13:33 - 00007698 _____ C:\Users\VanessaundUwe\Documents\cc_20160503_133300.reg
2016-04-28 09:48 - 2016-04-28 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-04-28 09:47 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-04-28 09:46 - 2016-05-17 21:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-28 09:46 - 2016-04-28 10:01 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-04-28 09:46 - 2016-04-28 09:46 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-28 09:46 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-04-28 09:46 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-04-27 08:03 - 2016-04-27 13:13 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\floating-38
2016-04-25 17:30 - 2016-04-26 11:11 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\circle-9
2016-04-24 12:32 - 2016-04-24 12:36 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\Fotos bearbeitet
2016-04-22 22:27 - 2016-04-23 10:14 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\pfmea-6
2016-04-20 23:23 - 2016-04-20 23:23 - 00051038 _____ C:\Users\VanessaundUwe\Documents\cc_20160420_232306.reg
2016-04-17 21:39 - 2016-04-18 10:48 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\median-50

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 21:42 - 2015-10-06 17:37 - 00000000 ___RD C:\Users\VanessaundUwe\OneDrive
2016-05-17 21:39 - 2015-12-22 17:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-17 21:39 - 2015-12-22 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-17 21:39 - 2015-12-22 16:20 - 05109024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-17 21:38 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-17 21:37 - 2015-12-22 16:33 - 00000000 ____D C:\Users\VanessaundUwe
2016-05-17 20:38 - 2012-05-19 17:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-17 20:38 - 2012-05-18 21:32 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 20:26 - 2016-01-12 00:55 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{988C203C-45F5-47BA-B287-812777036600}
2016-05-17 18:22 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-17 18:17 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-17 15:13 - 2011-10-28 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-17 15:12 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-17 15:12 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-17 15:08 - 2016-03-22 23:08 - 01014796 _____ C:\Users\VanessaundUwe\Downloads\Kultur ab Januar 2015.xlsx
2016-05-17 15:08 - 2015-10-06 17:46 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Outlook-Dateien
2016-05-17 15:06 - 2012-08-28 14:14 - 00000000 ____D C:\Program Files\Adobe
2016-05-17 15:06 - 2011-10-27 21:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-17 15:05 - 2012-05-18 22:14 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Adobe
2016-05-17 15:05 - 2011-10-27 21:58 - 00000000 ____D C:\ProgramData\Adobe
2016-05-17 15:01 - 2013-04-26 20:20 - 00000000 ____D C:\Users\VanessaundUwe\Documents\My Digital Editions
2016-05-17 09:33 - 2015-12-22 19:03 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Packages
2016-05-17 07:43 - 2014-07-09 12:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Adobe
2016-05-16 21:22 - 2015-12-03 19:13 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\2016
2016-05-16 09:57 - 2014-07-24 12:52 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Spotify
2016-05-16 09:57 - 2014-07-24 12:50 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Spotify
2016-05-15 21:09 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-15 20:24 - 2015-12-22 16:33 - 00000000 ____D C:\Users\UpdatusUser
2016-05-13 23:59 - 2012-06-17 14:32 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\vlc
2016-05-13 12:55 - 2016-01-14 15:43 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 12:55 - 2015-11-04 12:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 10:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 19:59 - 2011-10-27 22:02 - 00000000 ____D C:\ProgramData\Temp
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 20:24 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 17:11 - 2015-12-22 19:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 15:01 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 15:01 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 15:00 - 2015-10-06 16:05 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\JDownloader 2.0
2016-05-11 14:32 - 2013-08-15 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 14:16 - 2011-10-27 23:06 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 12:33 - 2016-02-02 19:15 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e
2016-05-11 12:33 - 2015-12-05 15:21 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job
2016-05-11 12:33 - 2012-05-18 21:32 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 07:58 - 2016-01-18 19:53 - 00000000 ____D C:\Program Files\KMSpico
2016-05-09 23:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-05-09 22:45 - 2014-07-18 10:33 - 00000000 ____D C:\AdwCleaner
2016-05-09 10:43 - 2012-05-19 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-07 10:43 - 2015-09-04 18:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-03 13:33 - 2014-08-08 08:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-03 13:31 - 2015-12-22 20:53 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\uTorrent
2016-04-30 15:51 - 2015-07-25 13:09 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Books
2016-04-28 14:21 - 2013-01-24 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-28 12:55 - 2015-12-22 16:31 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-28 12:55 - 2015-10-30 20:35 - 00889404 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-28 12:55 - 2015-10-30 20:35 - 00197452 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-28 10:15 - 2012-10-24 13:15 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-28 10:01 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-04-28 09:48 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-28 09:47 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default.migrated
2016-04-28 09:42 - 2012-10-24 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Avira
2016-04-28 09:42 - 2012-10-24 13:15 - 00000000 ____D C:\ProgramData\Avira
2016-04-26 11:02 - 2015-12-22 19:12 - 00002451 _____ C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-25 17:44 - 2014-11-01 17:41 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Noch schauen
2016-04-23 17:11 - 2015-12-22 19:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Comms
2016-04-22 09:57 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 10:55 - 2014-12-02 13:40 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Zeitschriften 2015

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-11-23 21:03 - 2013-11-23 21:09 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-11-28 18:53 - 2014-03-25 16:16 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2012-06-28 17:26 - 2013-05-09 15:16 - 0009216 _____ () C:\Users\VanessaundUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-10 18:45 - 2013-07-10 18:45 - 0000893 _____ () C:\Users\VanessaundUwe\AppData\Local\recently-used.xbel
2012-05-19 10:07 - 2012-05-19 10:07 - 0017408 _____ () C:\Users\VanessaundUwe\AppData\Local\WebpageIcons.db
2013-02-05 20:42 - 2013-03-29 14:28 - 0000032 _____ () C:\ProgramData\aceg.ini
2016-01-12 00:45 - 2016-01-12 00:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\VanessaundUwe\AppData\Local\Temp\libeay32.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\msvcr120.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole1240164018422986414.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole4915313268689617003.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole5037268272556858600.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\proxy_vole5466512398401284336.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-14 14:42

==================== Ende von FRST.txt ============================

und Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-17 21:47:27)
Gestartet von C:\Users\VanessaundUwe\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-22 17:01:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2663113073-2047370837-3390539344-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2663113073-2047370837-3390539344-503 - Limited - Disabled)
Gast (S-1-5-21-2663113073-2047370837-3390539344-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2663113073-2047370837-3390539344-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2663113073-2047370837-3390539344-1000 - Limited - Enabled) => C:\Users\UpdatusUser
VanessaundUwe (S-1-5-21-2663113073-2047370837-3390539344-1001 - Administrator - Enabled) => C:\Users\VanessaundUwe

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
calibre (HKLM-x32\...\{49FA2A5C-8FC3-4BD0-A244-CA01A9250E55}) (Version: 2.50.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{45B18FC7-3ECE-4F2B-99A8-370886AB8238}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{1502BB1F-7870-4DC9-9178-65CFE00D070C}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series - Grundlegende Software für das Gerät (HKLM\...\{DCCF150E-E0CA-4C1E-BD81-207DB6BE2A86}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Hilfe (HKLM-x32\...\{99C52AB4-FBA3-4C12-9AC3-B19A3421EB96}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
NVIDIA 3D Vision Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.64 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Remote Control Input Device Registry Key (HKLM-x32\...\{91EB0B20-08B0-4905-88FB-020952B9979F}) (Version: 1.1.0.0.081231 - Chicony)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Studie zur Verbesserung von HP OfficeJet 3830 series (HKLM\...\{0BE77456-9F9E-41FA-8914-01940B20AEA8}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5C677DD3-45D9-4B10-8591-5F8CEA76BAE0}) (Version: 1.12.16 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.16 - Texas Instruments Inc.) Hidden
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D316AB7-1416-48C9-BE2F-98E44E0638A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {13548292-62B5-46FE-901A-32171AC7C7CA} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {13C04E78-85A3-4EAB-8EC1-4D75A697776D} - System32\Tasks\{415ED4F3-D631-4EE6-AB81-303998C830FB} => pcalua.exe -a C:\Users\VanessaundUwe\Downloads\ADE_2.0_Installer.exe -d C:\Users\VanessaundUwe\Downloads
Task: {23932692-5781-482C-BE4E-010CF5CF399C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {3A8D8438-08A6-4DFB-B760-90737F10D2A6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {51696F76-C61C-45B2-A66E-EB797979E925} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {727E0394-47CD-4326-9878-51DCE9BDA933} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {732A1CB4-491C-4447-908E-45DBBF6AF445} - \AmiUpdXp -> Keine Datei <==== ACHTUNG
Task: {819CC8D0-B527-433F-9E94-83F3FED315E3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {86C11EBC-5923-4224-8C9C-AEAC67C4A609} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8A26074E-D9A2-46A1-926B-2CD6439E0EB7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8B83154D-73CF-4435-ABEB-96C6214BD09D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8EFFED3C-9DA9-401D-AD9C-61FD3A63F98A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {8F0E5EFB-D820-4DEA-A1D5-8B6237FEBF7B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9CBBE4A7-E823-45D3-AEAB-E20865E1F264} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9D3DB79D-C891-41AE-B24E-32BE9900DA22} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {9F32AA2E-358A-4EC1-B044-761AA6BFFB94} - System32\Tasks\AutoPico Daily Restart => C:\Program
Task: {A2A7F146-C77A-4233-8C31-D192AF2D5591} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {AAB08C40-22FD-4126-84F4-86755786F394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {B16E35C8-ECC6-4B42-AA66-B1B9248E5478} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B2851EE3-BFA4-47A4-AFC2-114F3C194922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9CC01BC-768A-4946-AFDB-F6A551A40F00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9DF69B4-AE35-4B57-9B92-FFE592D550FE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BC1A3F70-620E-4779-85B3-7ECE889A1DDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {BCCF0E08-B171-4189-9247-F3E434294369} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {C08B53D2-E793-49B9-B320-3C1C4EFAE8CA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C3FD7451-62AC-4654-AF99-DAA95E98F41B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C6A099CD-5D34-4EDB-B614-CAF872E4E2F5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C7BA2836-6C8C-47F8-9A90-E43904B236AA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CAAAE44E-0401-4EDF-B01F-CC3DBA876ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {CCE0DFF5-D617-41DC-9762-FE8A6F2848C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CFC89B44-7826-4C50-B7A1-ECFE371E3767} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D5395A54-7A70-4614-94AA-D0CA988038E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E09D943B-BA56-45AA-B5DB-C91C66EB995D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E146F8D9-BEFB-4450-B673-D136F6ECDACE} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3EB8754-FFD1-4D73-942B-F8C7ACAB2F34} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F1774640-2B6A-43C5-9603-E8FA3AA41FA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F4F6A6FD-9D1A-44F0-8C26-8B298597FF54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {FB4F02EA-7AD0-46E6-9D4D-76E82CC953A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8c54ebfada4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfec34e7a76bd3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002672f1337.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04241b9fd81d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092e5d4782a0f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c00ad2e94d9a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e5527337fb41.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef9ff94fb37b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-22 16:27 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 08:29 - 2015-05-29 08:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 11:02 - 2016-04-26 11:02 - 00959176 _____ () C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\FileZilla\fzshellext_64.dll
2015-12-22 16:12 - 2015-12-22 16:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 13:09 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-15 20:07 - 2016-04-15 20:07 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-12-22 16:12 - 2015-12-22 16:12 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-12-22 16:12 - 2015-12-22 16:12 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-26 11:02 - 2016-04-26 11:02 - 00679624 _____ () C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [144]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2013-11-23 20:35 - 00001374 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Spotify => "C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C0374123-E3D0-4A2A-AF23-FD7B330516D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{832DE091-A393-41A0-9069-16CED42A908F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10B4D7B3-35E5-4BCB-9AF0-570C332970A6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{08F98417-32F4-4506-9A75-46379350B106}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{1C533923-8746-4213-AA9F-E8CB87B8FB54}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E981DB15-4E39-4BAD-987F-C4227C2BA066}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{25AF93FC-F6D1-4242-A385-DB3EC143D466}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{224F2EAB-9D65-48F8-B527-63AF3C0AAD06}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{4B89F019-378D-4CB6-AF92-2CB1E1BF3207}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9ECFE6F4-A7AD-4296-B3E7-254C8E0CB697}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23F69F7A-AFE4-41CC-AED3-FFDD201F5CAB}] => (Allow) LPort=1900
FirewallRules: [{53E576F4-684D-46C6-9AD8-E62974FB99FE}] => (Allow) LPort=2869
FirewallRules: [{04B2E412-4BC1-4D51-B629-6AB6A2708D43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{295DE74C-4A72-4955-8559-CA6D38EA6457}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [TCP Query User{1903870F-8668-4200-9D1B-3C30D813485A}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [UDP Query User{9F5C1EC9-68F2-424D-99B3-B7D370048090}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB4F2111-5868-48FB-BFB3-49AA9B1B7B16}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{99AE0AFB-72CD-4AB1-BFD7-28DB3E88CBF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{42F4F9E3-49D0-4D69-85C9-3DD660CA0258}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [UDP Query User{8ED785C4-8B67-48AB-9E1F-E9FB0E017845}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5C89C82A-ED44-4302-AADE-600262D3F135}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B3BA98C-6E3A-4CE5-9464-40DCE9710926}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{882E49E9-1721-48A8-B10B-EDD92CB1198A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D72B193E-DAA6-4947-B0DD-79B43E88826F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{60633C33-6005-4E69-8984-5F2785A192B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{E20DBD12-083A-4C7B-B048-62F51DC45532}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{4C65B3D6-E289-4DC8-A7A1-E03D336E0E43}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0263B9A6-98AB-4676-AF80-27916C59B382}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CC1AA41-6D1F-4258-8042-0969C72B17C3}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A71B376F-DC00-4E8A-9BC6-8093C38BBFF6}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAE79E6F-A72E-4A3A-8155-B528862C291D}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C326D4F1-8F94-4F87-8F5B-9317EE17B4E5}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC80BE6C-A741-45B4-A4A5-1879FEB76882}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{AE9EFAA9-1162-46C4-817D-9EEFF821368E}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{73783793-F380-43CB-A272-15E66D1134DE}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{8FB56B48-9C7F-47F5-B214-5EE0DF650E21}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{BB8FBFC3-E065-48F3-81DF-BFF4C15594D0}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{3DB49462-9751-401C-A35E-DF3ADE4EE293}] => (Allow) LPort=5357
FirewallRules: [{C7D4D1AD-7D2C-46FA-840D-077F4D87041D}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EC315F3-0EA3-4114-86CB-20666CF4E12D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A695BB64-DB01-4FD7-9369-1730B175811C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F56797FF-754A-4E09-87D9-98712FF563A4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{8B2C23A9-0B2F-4DD6-B977-95B3CBC2F30F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

==================== Wiederherstellungspunkte =========================

07-05-2016 13:25:51 Geplanter Prüfpunkt
09-05-2016 23:52:40 JRT Pre-Junkware Removal
15-05-2016 21:05:53 Windows Update
17-05-2016 20:33:45 OpenOffice 4.1.2 wird installiert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/17/2016 09:39:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x9e8
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (05/17/2016 09:39:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x894
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 08:34:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (05/17/2016 01:56:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2528
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/17/2016 01:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x17e4
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 01:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1f18
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 01:40:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x4d8
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 01:40:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0xb94
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/16/2016 09:21:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x23f4
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/16/2016 08:27:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2460
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5


Systemfehler:
=============
Error: (05/17/2016 09:44:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (05/17/2016 09:39:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/17/2016 09:39:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (05/17/2016 09:39:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/17/2016 09:39:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (05/17/2016 09:39:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/17/2016 09:38:45 PM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (05/17/2016 09:38:43 PM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (05/17/2016 09:37:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_3bbaa" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/17/2016 09:37:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _3bbaa" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-05-16 20:13:23.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-16 08:24:55.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 08:37:29.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:29.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:15.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 07:06:31.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 15:07:30.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 15:00:11.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2317.02 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6279.23 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:394.66 GB) (Free:91.43 GB) NTFS
Drive d: (Recover) (Fixed) (Total:70 GB) (Free:40.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DA1342C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=394.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

BG Librarios

M-K-D-B · 17.05.2016, 20:57

Servus,

wie gesagt, keine Online-Geschäfte mehr bis wir hier fertig sind.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [adhesion-5] => C:\ProgramData\adhesion-8\adhesion-26.exe [611416 2016-05-17] (InSoft)
C:\ProgramData\adhesion-8
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meson-4.lnk [2016-05-17]
ShortcutTarget: meson-4.lnk -> C:\Users\VanessaundUwe\AppData\Roaming\meson-0\meson-2.exe (ReGet Software)
C:\Users\VanessaundUwe\AppData\Roaming\meson-0
C:\ProgramData\hardness-79
C:\ProgramData\ampere-61
C:\Users\VanessaundUwe\AppData\Roaming\tempco-19
C:\ProgramData\lvecl-80
C:\Users\VanessaundUwe\AppData\Roaming\taper-46
Task: {732A1CB4-491C-4447-908E-45DBBF6AF445} - \AmiUpdXp -> Keine Datei <==== ACHTUNG
Unlock: C:\WINDOWS\system32\Drivers\etc\hosts
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Deaktiviere bitte dein Antivirenprogramm, da es die Entfernung von SpyHunter blockieren kann.
Bitte downloade SpyHunterCleaner und speichere die Datei auf dem Desktop. (Bebilderte Anleitung)

Speichere alle Arbeiten und schließe alle noch offenen Programme und Browser.
Starte die SpyHunterCleaner.exe.
Drücke eine beliebige Taste, um den Entfernungsprozess zu starten. Dieser dauert in der Regel nur kurz.
Wenn das Tool fertig ist, wird es automatisch einen Neustart durchführen.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die beiden neuen Logdateien von FRST.

Librarios · 17.05.2016, 21:26

Moin,

anbei die Logfiles:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-17 22:03:54) Run:1
Gestartet von C:\Users\VanessaundUwe\Desktop
Geladene Profile: UpdatusUser & VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [adhesion-5] => C:\ProgramData\adhesion-8\adhesion-26.exe [611416 2016-05-17] (InSoft)
C:\ProgramData\adhesion-8
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meson-4.lnk [2016-05-17]
ShortcutTarget: meson-4.lnk -> C:\Users\VanessaundUwe\AppData\Roaming\meson-0\meson-2.exe (ReGet Software)
C:\Users\VanessaundUwe\AppData\Roaming\meson-0
C:\ProgramData\hardness-79
C:\ProgramData\ampere-61
C:\Users\VanessaundUwe\AppData\Roaming\tempco-19
C:\ProgramData\lvecl-80
C:\Users\VanessaundUwe\AppData\Roaming\taper-46
Task: {732A1CB4-491C-4447-908E-45DBBF6AF445} - \AmiUpdXp -> Keine Datei <==== ACHTUNG
Unlock: C:\WINDOWS\system32\Drivers\etc\hosts
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Windows\CurrentVersion\Run\\adhesion-5 => Wert erfolgreich entfernt
C:\ProgramData\adhesion-8 => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meson-4.lnk => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\meson-0\meson-2.exe => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\meson-0 => erfolgreich verschoben
C:\ProgramData\hardness-79 => erfolgreich verschoben
C:\ProgramData\ampere-61 => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\tempco-19 => erfolgreich verschoben
C:\ProgramData\lvecl-80 => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\taper-46 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{732A1CB4-491C-4447-908E-45DBBF6AF445}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{732A1CB4-491C-4447-908E-45DBBF6AF445}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Schlüssel nicht gefunden. 
"C:\WINDOWS\system32\Drivers\etc\hosts" => wurde entsperrt
C:\WINDOWS\system32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= Ende von CMD: =========

EmptyTemp: => 236.2 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 22:04:52 ====

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (Administrator) auf ANUKET (17-05-2016 22:17:57)
Gestartet von C:\Users\VanessaundUwe\Desktop
Geladene Profile: VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
konnte nicht auf den Prozess zugreifen -> obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\wmi64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
(Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3753016 2016-05-12] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  Keine Datei
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8f5df9ee-db20-4d5f-824a-44184399e846}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2663113073-2047370837-3390539344-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Keine Datei]
FF Extension: Ebay Toolbar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\extensions\FFEbayShoppingToolbar@wangtom.com [2015-07-22]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-04-28]
FF Extension: Avira Browser Safety - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\abs@avira.com [2016-05-13]
FF Extension: ADB Helper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\adbhelper@mozilla.org [2016-02-06]
FF Extension: Pin It button - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-01-07]
FF Extension: OmniSidebar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\osb@quicksaver.xpi [2016-03-01]
FF Extension: Avira SafeSearch - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\safesearch@avira.com.xpi [2016-02-25]
FF Extension: eBay for Firefox - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-05-03]
FF Extension: ColorZilla - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05]
FF Extension: Video DownloadHelper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: web_clipper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [51712 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274944 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-05-30] (Disc Soft Ltd)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-03-23] (Intel Corporation) [Datei ist nicht signiert]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-04-28] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-04-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 22:16 - 2016-05-17 22:16 - 00000000 ___HD C:\OneDriveTemp
2016-05-17 22:11 - 2016-05-17 22:11 - 00310784 _____ C:\Users\VanessaundUwe\Downloads\SpyHunterCleaner-reboot.exe
2016-05-17 22:11 - 2016-05-17 22:11 - 00310784 _____ C:\Users\VanessaundUwe\Desktop\SpyHunterCleaner-reboot.exe
2016-05-17 22:10 - 2016-05-17 22:10 - 00508928 _____ C:\Users\VanessaundUwe\Desktop\SpyHunterCleaner.exe
2016-05-17 22:03 - 2016-05-17 22:04 - 00004069 _____ C:\Users\VanessaundUwe\Desktop\Fixlog.txt
2016-05-17 20:36 - 2016-05-17 20:36 - 00001132 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-05-17 20:36 - 2016-05-17 20:36 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-05-17 20:35 - 2016-05-17 20:35 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-05-17 20:32 - 2016-05-17 20:33 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\OpenOffice 4.1.2 (de) Installation Files
2016-05-17 16:20 - 2016-05-17 16:21 - 00000352 _____ C:\Users\VanessaundUwe\Desktop\Einkaufen.txt
2016-05-17 16:14 - 2016-05-17 16:16 - 164803434 _____ C:\Users\VanessaundUwe\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_de.exe
2016-05-17 15:53 - 2016-05-17 15:56 - 29304579 _____ C:\Users\VanessaundUwe\Downloads\Romantic Homes - June 2016.pdf
2016-05-17 14:46 - 2016-05-17 14:50 - 36147071 _____ C:\Users\VanessaundUwe\Downloads\Self - June 2016.pdf
2016-05-17 14:00 - 2016-05-17 14:00 - 00279624 _____ C:\Users\VanessaundUwe\Desktop\TDSSKiller.txt
2016-05-17 13:48 - 2016-05-17 13:57 - 00279624 _____ C:\TDSSKiller.3.1.0.9_17.05.2016_13.48.45_log.txt
2016-05-17 13:47 - 2016-05-17 13:47 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\VanessaundUwe\Desktop\tdsskiller.exe
2016-05-17 13:43 - 2016-05-17 21:49 - 00046832 _____ C:\Users\VanessaundUwe\Desktop\Addition.txt
2016-05-17 13:40 - 2016-05-17 22:17 - 00020754 _____ C:\Users\VanessaundUwe\Desktop\FRST.txt
2016-05-17 13:38 - 2016-05-17 13:40 - 21043711 _____ C:\Users\VanessaundUwe\Downloads\Clean Eating - June 2016.pdf
2016-05-17 13:20 - 2016-05-17 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\bionics-3
2016-05-17 07:48 - 2016-05-17 08:07 - 89593854 _____ C:\Users\VanessaundUwe\Downloads\Vegetarian Times - June 2016.pdf
2016-05-16 09:01 - 2016-05-16 09:02 - 02382336 _____ (Farbar) C:\Users\VanessaundUwe\Desktop\FRST64.exe
2016-05-12 09:38 - 2016-05-12 09:38 - 00005012 _____ C:\Users\VanessaundUwe\Documents\cc_20160512_093824.reg
2016-05-12 08:25 - 2016-05-12 08:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-05-12 08:25 - 2016-05-12 08:25 - 00001216 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-05-11 13:10 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 13:10 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 13:10 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 13:10 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 13:10 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 13:10 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 13:09 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 13:09 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 13:09 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 13:09 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 13:08 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 13:08 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 13:08 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 13:08 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 13:08 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 13:08 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 13:08 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 13:08 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 13:08 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 13:08 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 13:08 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 13:08 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 13:08 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 13:08 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 13:08 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 13:08 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 13:08 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 13:07 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 13:07 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 13:07 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 13:07 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 13:07 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 13:07 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 13:07 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 13:07 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 13:07 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 13:07 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 13:07 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 13:07 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 13:07 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 13:07 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 13:07 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 13:07 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 13:07 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 13:07 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 13:07 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 13:07 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 13:07 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 13:07 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 13:07 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 13:07 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 13:07 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 13:07 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 00:01 - 2016-05-17 22:17 - 00000000 ____D C:\FRST
2016-05-09 22:54 - 2016-05-09 22:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 22:54 - 2016-05-09 22:54 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-07 10:44 - 2016-05-07 10:44 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\dvdcss
2016-05-06 17:29 - 2016-05-09 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-03 13:33 - 2016-05-03 13:33 - 00007698 _____ C:\Users\VanessaundUwe\Documents\cc_20160503_133300.reg
2016-04-28 09:48 - 2016-04-28 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-04-28 09:47 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-04-28 09:46 - 2016-05-17 22:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-28 09:46 - 2016-04-28 10:01 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-04-28 09:46 - 2016-04-28 09:46 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-28 09:46 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-04-28 09:46 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-04-27 08:03 - 2016-04-27 13:13 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\floating-38
2016-04-25 17:30 - 2016-04-26 11:11 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\circle-9
2016-04-24 12:32 - 2016-04-24 12:36 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\Fotos bearbeitet
2016-04-22 22:27 - 2016-04-23 10:14 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\pfmea-6
2016-04-20 23:23 - 2016-04-20 23:23 - 00051038 _____ C:\Users\VanessaundUwe\Documents\cc_20160420_232306.reg
2016-04-17 21:39 - 2016-04-18 10:48 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\median-50

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 22:21 - 2014-07-24 12:50 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Spotify
2016-05-17 22:16 - 2015-10-06 17:37 - 00000000 ___RD C:\Users\VanessaundUwe\OneDrive
2016-05-17 22:16 - 2014-07-24 12:52 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Spotify
2016-05-17 22:13 - 2015-12-22 17:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-17 22:13 - 2015-12-22 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-17 22:13 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-17 21:39 - 2015-12-22 16:20 - 05109024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-17 21:38 - 2015-12-22 16:33 - 00000000 ____D C:\Users\UpdatusUser
2016-05-17 21:37 - 2015-12-22 16:33 - 00000000 ____D C:\Users\VanessaundUwe
2016-05-17 20:38 - 2012-05-19 17:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-17 20:38 - 2012-05-18 21:32 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 20:26 - 2016-01-12 00:55 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{988C203C-45F5-47BA-B287-812777036600}
2016-05-17 18:22 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-17 18:17 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-17 15:13 - 2011-10-28 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-17 15:12 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-17 15:12 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-17 15:08 - 2016-03-22 23:08 - 01014796 _____ C:\Users\VanessaundUwe\Downloads\Kultur ab Januar 2015.xlsx
2016-05-17 15:08 - 2015-10-06 17:46 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Outlook-Dateien
2016-05-17 15:06 - 2012-08-28 14:14 - 00000000 ____D C:\Program Files\Adobe
2016-05-17 15:06 - 2011-10-27 21:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-17 15:05 - 2012-05-18 22:14 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Adobe
2016-05-17 15:05 - 2011-10-27 21:58 - 00000000 ____D C:\ProgramData\Adobe
2016-05-17 15:01 - 2013-04-26 20:20 - 00000000 ____D C:\Users\VanessaundUwe\Documents\My Digital Editions
2016-05-17 09:33 - 2015-12-22 19:03 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Packages
2016-05-17 07:43 - 2014-07-09 12:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Adobe
2016-05-16 21:22 - 2015-12-03 19:13 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\2016
2016-05-15 21:09 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 23:59 - 2012-06-17 14:32 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\vlc
2016-05-13 12:55 - 2016-01-14 15:43 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 12:55 - 2015-11-04 12:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 10:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 19:59 - 2011-10-27 22:02 - 00000000 ____D C:\ProgramData\Temp
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 20:24 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 17:11 - 2015-12-22 19:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 15:01 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 15:01 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 15:00 - 2015-10-06 16:05 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\JDownloader 2.0
2016-05-11 14:32 - 2013-08-15 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 14:16 - 2011-10-27 23:06 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 12:33 - 2016-02-02 19:15 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e
2016-05-11 12:33 - 2015-12-05 15:21 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job
2016-05-11 12:33 - 2012-05-18 21:32 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 07:58 - 2016-01-18 19:53 - 00000000 ____D C:\Program Files\KMSpico
2016-05-09 23:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-05-09 22:45 - 2014-07-18 10:33 - 00000000 ____D C:\AdwCleaner
2016-05-09 10:43 - 2012-05-19 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-07 10:43 - 2015-09-04 18:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-03 13:33 - 2014-08-08 08:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-03 13:31 - 2015-12-22 20:53 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\uTorrent
2016-04-30 15:51 - 2015-07-25 13:09 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Books
2016-04-28 14:21 - 2013-01-24 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-28 12:55 - 2015-12-22 16:31 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-28 12:55 - 2015-10-30 20:35 - 00889404 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-28 12:55 - 2015-10-30 20:35 - 00197452 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-28 10:15 - 2012-10-24 13:15 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-28 10:01 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-04-28 09:48 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-28 09:47 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default.migrated
2016-04-28 09:42 - 2012-10-24 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Avira
2016-04-28 09:42 - 2012-10-24 13:15 - 00000000 ____D C:\ProgramData\Avira
2016-04-26 11:02 - 2015-12-22 19:12 - 00002451 _____ C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-25 17:44 - 2014-11-01 17:41 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Noch schauen
2016-04-23 17:11 - 2015-12-22 19:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Comms
2016-04-22 09:57 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 10:55 - 2014-12-02 13:40 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Zeitschriften 2015

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-11-23 21:03 - 2013-11-23 21:09 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-11-28 18:53 - 2014-03-25 16:16 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2012-06-28 17:26 - 2013-05-09 15:16 - 0009216 _____ () C:\Users\VanessaundUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-10 18:45 - 2013-07-10 18:45 - 0000893 _____ () C:\Users\VanessaundUwe\AppData\Local\recently-used.xbel
2012-05-19 10:07 - 2012-05-19 10:07 - 0017408 _____ () C:\Users\VanessaundUwe\AppData\Local\WebpageIcons.db
2013-02-05 20:42 - 2013-03-29 14:28 - 0000032 _____ () C:\ProgramData\aceg.ini
2016-01-12 00:45 - 2016-01-12 00:45 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-14 14:42

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-17 22:23:24)
Gestartet von C:\Users\VanessaundUwe\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-22 17:01:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2663113073-2047370837-3390539344-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2663113073-2047370837-3390539344-503 - Limited - Disabled)
Gast (S-1-5-21-2663113073-2047370837-3390539344-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2663113073-2047370837-3390539344-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2663113073-2047370837-3390539344-1000 - Limited - Enabled) => C:\Users\UpdatusUser
VanessaundUwe (S-1-5-21-2663113073-2047370837-3390539344-1001 - Administrator - Enabled) => C:\Users\VanessaundUwe

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
calibre (HKLM-x32\...\{49FA2A5C-8FC3-4BD0-A244-CA01A9250E55}) (Version: 2.50.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{45B18FC7-3ECE-4F2B-99A8-370886AB8238}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{1502BB1F-7870-4DC9-9178-65CFE00D070C}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series - Grundlegende Software für das Gerät (HKLM\...\{DCCF150E-E0CA-4C1E-BD81-207DB6BE2A86}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Hilfe (HKLM-x32\...\{99C52AB4-FBA3-4C12-9AC3-B19A3421EB96}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
NVIDIA 3D Vision Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.64 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Remote Control Input Device Registry Key (HKLM-x32\...\{91EB0B20-08B0-4905-88FB-020952B9979F}) (Version: 1.1.0.0.081231 - Chicony)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Studie zur Verbesserung von HP OfficeJet 3830 series (HKLM\...\{0BE77456-9F9E-41FA-8914-01940B20AEA8}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5C677DD3-45D9-4B10-8591-5F8CEA76BAE0}) (Version: 1.12.16 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.16 - Texas Instruments Inc.) Hidden
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D316AB7-1416-48C9-BE2F-98E44E0638A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {13548292-62B5-46FE-901A-32171AC7C7CA} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {13C04E78-85A3-4EAB-8EC1-4D75A697776D} - System32\Tasks\{415ED4F3-D631-4EE6-AB81-303998C830FB} => pcalua.exe -a C:\Users\VanessaundUwe\Downloads\ADE_2.0_Installer.exe -d C:\Users\VanessaundUwe\Downloads
Task: {23932692-5781-482C-BE4E-010CF5CF399C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {3A8D8438-08A6-4DFB-B760-90737F10D2A6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {51696F76-C61C-45B2-A66E-EB797979E925} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {727E0394-47CD-4326-9878-51DCE9BDA933} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {819CC8D0-B527-433F-9E94-83F3FED315E3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {86C11EBC-5923-4224-8C9C-AEAC67C4A609} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8A26074E-D9A2-46A1-926B-2CD6439E0EB7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8B83154D-73CF-4435-ABEB-96C6214BD09D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8EFFED3C-9DA9-401D-AD9C-61FD3A63F98A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {8F0E5EFB-D820-4DEA-A1D5-8B6237FEBF7B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9CBBE4A7-E823-45D3-AEAB-E20865E1F264} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9D3DB79D-C891-41AE-B24E-32BE9900DA22} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {9F32AA2E-358A-4EC1-B044-761AA6BFFB94} - System32\Tasks\AutoPico Daily Restart => C:\Program
Task: {A2A7F146-C77A-4233-8C31-D192AF2D5591} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {AAB08C40-22FD-4126-84F4-86755786F394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {B16E35C8-ECC6-4B42-AA66-B1B9248E5478} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B2851EE3-BFA4-47A4-AFC2-114F3C194922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9CC01BC-768A-4946-AFDB-F6A551A40F00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9DF69B4-AE35-4B57-9B92-FFE592D550FE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BC1A3F70-620E-4779-85B3-7ECE889A1DDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {BCCF0E08-B171-4189-9247-F3E434294369} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {C08B53D2-E793-49B9-B320-3C1C4EFAE8CA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C3FD7451-62AC-4654-AF99-DAA95E98F41B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C6A099CD-5D34-4EDB-B614-CAF872E4E2F5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C7BA2836-6C8C-47F8-9A90-E43904B236AA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CAAAE44E-0401-4EDF-B01F-CC3DBA876ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {CCE0DFF5-D617-41DC-9762-FE8A6F2848C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CFC89B44-7826-4C50-B7A1-ECFE371E3767} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D5395A54-7A70-4614-94AA-D0CA988038E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E09D943B-BA56-45AA-B5DB-C91C66EB995D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E146F8D9-BEFB-4450-B673-D136F6ECDACE} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3EB8754-FFD1-4D73-942B-F8C7ACAB2F34} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F1774640-2B6A-43C5-9603-E8FA3AA41FA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F4F6A6FD-9D1A-44F0-8C26-8B298597FF54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {FB4F02EA-7AD0-46E6-9D4D-76E82CC953A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8c54ebfada4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfec34e7a76bd3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002672f1337.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04241b9fd81d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092e5d4782a0f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c00ad2e94d9a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e5527337fb41.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef9ff94fb37b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-22 16:27 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 08:29 - 2015-05-29 08:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 11:02 - 2016-04-26 11:02 - 00959176 _____ () C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-22 16:12 - 2015-12-22 16:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 13:09 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-26 11:02 - 2016-04-26 11:02 - 00679624 _____ () C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2015-03-19 15:49 - 2016-04-27 09:53 - 47503472 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Spotify\libcef.dll
2015-03-19 15:49 - 2016-04-27 09:53 - 01584240 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Spotify\libglesv2.dll
2015-03-19 15:49 - 2016-04-27 09:53 - 00082032 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [144]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-17 22:04 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Spotify => "C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C0374123-E3D0-4A2A-AF23-FD7B330516D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{832DE091-A393-41A0-9069-16CED42A908F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10B4D7B3-35E5-4BCB-9AF0-570C332970A6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{08F98417-32F4-4506-9A75-46379350B106}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{1C533923-8746-4213-AA9F-E8CB87B8FB54}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E981DB15-4E39-4BAD-987F-C4227C2BA066}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{25AF93FC-F6D1-4242-A385-DB3EC143D466}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{224F2EAB-9D65-48F8-B527-63AF3C0AAD06}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{4B89F019-378D-4CB6-AF92-2CB1E1BF3207}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9ECFE6F4-A7AD-4296-B3E7-254C8E0CB697}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23F69F7A-AFE4-41CC-AED3-FFDD201F5CAB}] => (Allow) LPort=1900
FirewallRules: [{53E576F4-684D-46C6-9AD8-E62974FB99FE}] => (Allow) LPort=2869
FirewallRules: [{04B2E412-4BC1-4D51-B629-6AB6A2708D43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{295DE74C-4A72-4955-8559-CA6D38EA6457}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [TCP Query User{1903870F-8668-4200-9D1B-3C30D813485A}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [UDP Query User{9F5C1EC9-68F2-424D-99B3-B7D370048090}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB4F2111-5868-48FB-BFB3-49AA9B1B7B16}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{99AE0AFB-72CD-4AB1-BFD7-28DB3E88CBF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{42F4F9E3-49D0-4D69-85C9-3DD660CA0258}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [UDP Query User{8ED785C4-8B67-48AB-9E1F-E9FB0E017845}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5C89C82A-ED44-4302-AADE-600262D3F135}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B3BA98C-6E3A-4CE5-9464-40DCE9710926}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{882E49E9-1721-48A8-B10B-EDD92CB1198A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D72B193E-DAA6-4947-B0DD-79B43E88826F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{60633C33-6005-4E69-8984-5F2785A192B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{E20DBD12-083A-4C7B-B048-62F51DC45532}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{4C65B3D6-E289-4DC8-A7A1-E03D336E0E43}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0263B9A6-98AB-4676-AF80-27916C59B382}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CC1AA41-6D1F-4258-8042-0969C72B17C3}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A71B376F-DC00-4E8A-9BC6-8093C38BBFF6}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAE79E6F-A72E-4A3A-8155-B528862C291D}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C326D4F1-8F94-4F87-8F5B-9317EE17B4E5}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC80BE6C-A741-45B4-A4A5-1879FEB76882}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{AE9EFAA9-1162-46C4-817D-9EEFF821368E}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{73783793-F380-43CB-A272-15E66D1134DE}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{8FB56B48-9C7F-47F5-B214-5EE0DF650E21}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{BB8FBFC3-E065-48F3-81DF-BFF4C15594D0}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{3DB49462-9751-401C-A35E-DF3ADE4EE293}] => (Allow) LPort=5357
FirewallRules: [{C7D4D1AD-7D2C-46FA-840D-077F4D87041D}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EC315F3-0EA3-4114-86CB-20666CF4E12D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A695BB64-DB01-4FD7-9369-1730B175811C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F56797FF-754A-4E09-87D9-98712FF563A4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{8B2C23A9-0B2F-4DD6-B977-95B3CBC2F30F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

==================== Wiederherstellungspunkte =========================

07-05-2016 13:25:51 Geplanter Prüfpunkt
09-05-2016 23:52:40 JRT Pre-Junkware Removal
15-05-2016 21:05:53 Windows Update
17-05-2016 20:33:45 OpenOffice 4.1.2 wird installiert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/17/2016 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0xa38
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (05/17/2016 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x894
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 10:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0x900
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (05/17/2016 10:12:50 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2304) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (05/17/2016 10:06:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x888
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 10:06:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0xa48
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (05/17/2016 09:39:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x9e8
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (05/17/2016 09:39:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x894
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/17/2016 08:34:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (05/17/2016 01:56:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2528
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5


Systemfehler:
=============
Error: (05/17/2016 10:22:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (05/17/2016 10:20:53 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (05/17/2016 10:18:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (05/17/2016 10:14:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetMsmqActivator" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/17/2016 10:14:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetMsmqActivator erreicht.

Error: (05/17/2016 10:14:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/17/2016 10:14:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (05/17/2016 10:14:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/17/2016 10:14:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (05/17/2016 10:14:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


CodeIntegrity:
===================================
  Date: 2016-05-17 22:21:16.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-17 22:21:16.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-17 22:21:16.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-16 20:13:23.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-16 08:24:55.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 08:37:29.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:29.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:15.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 53%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1848.51 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 5970.26 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:394.66 GB) (Free:91.65 GB) NTFS
Drive d: (Recover) (Fixed) (Total:70 GB) (Free:40.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DA1342C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=394.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

BG Librarios

M-K-D-B · 17.05.2016, 22:18

Servus,

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Users\VanessaundUwe\AppData\Roaming\bionics-3
C:\Users\VanessaundUwe\AppData\Roaming\floating-38
C:\Users\VanessaundUwe\AppData\Roaming\circle-9
C:\Users\VanessaundUwe\AppData\Roaming\pfmea-6
C:\Users\VanessaundUwe\AppData\Roaming\median-50
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 5

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

Librarios · 18.05.2016, 11:46

Hallo Matthias,

anbei die neuen Logfiles:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-18 11:05:18) Run:2
Gestartet von C:\Users\VanessaundUwe\Desktop
Geladene Profile: UpdatusUser & VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\VanessaundUwe\AppData\Roaming\bionics-3
C:\Users\VanessaundUwe\AppData\Roaming\floating-38
C:\Users\VanessaundUwe\AppData\Roaming\circle-9
C:\Users\VanessaundUwe\AppData\Roaming\pfmea-6
C:\Users\VanessaundUwe\AppData\Roaming\median-50
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
C:\Users\VanessaundUwe\AppData\Roaming\bionics-3 => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\floating-38 => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\circle-9 => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\pfmea-6 => erfolgreich verschoben
C:\Users\VanessaundUwe\AppData\Roaming\median-50 => erfolgreich verschoben
EmptyTemp: => 16.2 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 11:05:27 ====

Code:

ATTFilter

# AdwCleaner v5.117 - Bericht erstellt am 18/05/2016 um 11:21:12
# Aktualisiert am 15/05/2016 von Xplode
# Datenbank : 2016-05-15.2 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : VanessaundUwe - ANUKET
# Gestartet von : C:\Users\VanessaundUwe\Desktop\AdwCleaner_5.117.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.AUC_GUID", "86a595c9-1dfa-43c1-a410-76f804b8a881");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.MP_DISTINCT_ID", "fa13bef7e57595e5b0547a8747ac55c50af6242f");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.initialSettingsApplied", "true");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.install", "1462831101438");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.migration_1_2_1", true);
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.overrideNewTab", true);
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.prev_default_engine_name", "\"Google\"");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.sdk.baseURI", "resource://safesearch-at-avira-dot-com/");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.sdk.domain", "safesearch-at-avira-dot-com");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.sdk.load.reason", "startup");
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.sdk.rootURI", "jar:file:///C:/Users/VanessaundUwe/AppData/Roaming/Mozilla/Firefox/Profiles/1llto6n5.default-1405673245214/extensions/safesearch@avira.com.xpi[...]
[-] [C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js] gelöscht : user_pref("extensions.safesearch@avira.com.sdk.version", "1.4.0.332");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8859 Bytes] - [09/05/2016 22:45:39]
C:\AdwCleaner\AdwCleaner[C2].txt - [3614 Bytes] - [18/05/2016 11:21:12]
C:\AdwCleaner\AdwCleaner[R0].txt - [19243 Bytes] - [18/07/2014 10:33:33]
C:\AdwCleaner\AdwCleaner[S0].txt - [16676 Bytes] - [18/07/2014 10:35:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [9046 Bytes] - [09/05/2016 22:40:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [3881 Bytes] - [18/05/2016 11:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3981 Bytes] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 18.05.2016
Suchlaufzeit: 11:34
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.18.03
Rootkit-Datenbank: v2016.05.06.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: VanessaundUwe

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 352721
Abgelaufene Zeit: 45 Min., 26 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by VanessaundUwe (Administrator) on 18.05.2016 at 12:26:25,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 


Deleted the following from C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\prefs.js
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.safesearch@avira.com.AUC_GUID, 260ce1fb-3817-4b1b-8e46-f64170e6a445);
user_pref(extensions.safesearch@avira.com.MP_DISTINCT_ID, 03724f8cfbd619c596f185736f9f7860ebdb195c);
user_pref(extensions.safesearch@avira.com.initialSettingsApplied, true);
user_pref(extensions.safesearch@avira.com.install, 1463563718695);
user_pref(extensions.safesearch@avira.com.migration_1_2_1, true);
user_pref(extensions.safesearch@avira.com.overrideNewTab, true);
user_pref(extensions.safesearch@avira.com.prev_default_engine_name, \Google\);
user_pref(extensions.safesearch@avira.com.sdk.baseURI, resource://safesearch-at-avira-dot-com/);
user_pref(extensions.safesearch@avira.com.sdk.domain, safesearch-at-avira-dot-com);
user_pref(extensions.safesearch@avira.com.sdk.load.reason, startup);
user_pref(extensions.safesearch@avira.com.sdk.rootURI, jar:file:///C:/Users/VanessaundUwe/AppData/Roaming/Mozilla/Firefox/Profiles/1llto6n5.default-1405673245214/extensions
user_pref(extensions.safesearch@avira.com.sdk.version, 1.4.0.332);
user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\VanessaundUwe\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1llto6n5



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.05.2016 at 12:30:42,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (Administrator) auf ANUKET (18-05-2016 12:32:25)
Gestartet von C:\Users\VanessaundUwe\Desktop
Geladene Profile: UpdatusUser & VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\System32\FspService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3753016 2016-05-12] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify Web Helper] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [Spotify] => C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\RunOnce: [Uninstall C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Winlogon: [Shell] C:\ProgramData\hardness-79\hardness-27.exe -5,explorer.exe <==== ACHTUNG
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  Keine Datei
Startup: C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8f5df9ee-db20-4d5f-824a-44184399e846}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-10-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2663113073-2047370837-3390539344-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Keine Datei]
FF Extension: Ebay Toolbar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\extensions\FFEbayShoppingToolbar@wangtom.com [2015-07-22]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-04-28]
FF Extension: Avira Browser Safety - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\abs@avira.com [2016-05-13]
FF Extension: ADB Helper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\adbhelper@mozilla.org [2016-02-06]
FF Extension: Pin It button - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-01-07]
FF Extension: OmniSidebar - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\osb@quicksaver.xpi [2016-03-01]
FF Extension: Avira SafeSearch - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\safesearch@avira.com.xpi [2016-02-25]
FF Extension: eBay for Firefox - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-05-03]
FF Extension: ColorZilla - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05]
FF Extension: Video DownloadHelper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: web_clipper - C:\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\1llto6n5.default-1405673245214\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [51712 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274944 2011-03-08] (Intel Corporation) [Datei ist nicht signiert]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-05-30] (Disc Soft Ltd)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-03-23] (Intel Corporation) [Datei ist nicht signiert]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-04-28] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-04-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-18 12:30 - 2016-05-18 12:30 - 00002061 _____ C:\Users\VanessaundUwe\Desktop\JRT.txt
2016-05-18 12:23 - 2016-05-18 12:23 - 01610816 _____ (Malwarebytes) C:\Users\VanessaundUwe\Desktop\JRT.exe
2016-05-18 12:23 - 2016-05-18 12:23 - 00001204 _____ C:\Users\VanessaundUwe\Desktop\mbam.txt
2016-05-18 11:29 - 2016-05-18 11:30 - 22851472 _____ (Malwarebytes ) C:\Users\VanessaundUwe\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-18 11:14 - 2016-05-18 11:14 - 03651136 _____ C:\Users\VanessaundUwe\Desktop\AdwCleaner_5.117.exe
2016-05-18 10:50 - 2016-05-18 11:01 - 00652123 _____ C:\Users\VanessaundUwe\Downloads\Kultur ab Januar 2015.ods
2016-05-18 10:37 - 2016-05-18 10:37 - 00000000 ____D C:\Users\Public\Documents\sun
2016-05-18 10:20 - 2016-05-18 10:25 - 41334088 _____ C:\Users\VanessaundUwe\Downloads\Freundin_-_18_Mai_2016.pdf
2016-05-17 22:16 - 2016-05-17 22:16 - 00000000 ___HD C:\OneDriveTemp
2016-05-17 22:11 - 2016-05-17 22:11 - 00310784 _____ C:\Users\VanessaundUwe\Desktop\SpyHunterCleaner-reboot.exe
2016-05-17 22:10 - 2016-05-17 22:10 - 00508928 _____ C:\Users\VanessaundUwe\Desktop\SpyHunterCleaner.exe
2016-05-17 22:03 - 2016-05-18 11:05 - 00001247 _____ C:\Users\VanessaundUwe\Desktop\Fixlog.txt
2016-05-17 20:36 - 2016-05-17 20:36 - 00001132 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-05-17 20:36 - 2016-05-17 20:36 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-05-17 20:35 - 2016-05-17 20:35 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-05-17 20:32 - 2016-05-17 20:33 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\OpenOffice 4.1.2 (de) Installation Files
2016-05-17 16:20 - 2016-05-17 16:21 - 00000352 _____ C:\Users\VanessaundUwe\Desktop\Einkaufen.txt
2016-05-17 16:14 - 2016-05-17 16:16 - 164803434 _____ C:\Users\VanessaundUwe\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_de.exe
2016-05-17 15:53 - 2016-05-17 15:56 - 29304579 _____ C:\Users\VanessaundUwe\Downloads\Romantic Homes - June 2016.pdf
2016-05-17 14:46 - 2016-05-17 14:50 - 36147071 _____ C:\Users\VanessaundUwe\Downloads\Self - June 2016.pdf
2016-05-17 14:00 - 2016-05-17 14:00 - 00279624 _____ C:\Users\VanessaundUwe\Desktop\TDSSKiller.txt
2016-05-17 13:48 - 2016-05-17 13:57 - 00279624 _____ C:\TDSSKiller.3.1.0.9_17.05.2016_13.48.45_log.txt
2016-05-17 13:47 - 2016-05-17 13:47 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\VanessaundUwe\Desktop\tdsskiller.exe
2016-05-17 13:43 - 2016-05-17 22:25 - 00045371 _____ C:\Users\VanessaundUwe\Desktop\Addition.txt
2016-05-17 13:40 - 2016-05-18 12:34 - 00022262 _____ C:\Users\VanessaundUwe\Desktop\FRST.txt
2016-05-17 13:38 - 2016-05-17 13:40 - 21043711 _____ C:\Users\VanessaundUwe\Downloads\Clean Eating - June 2016.pdf
2016-05-17 07:48 - 2016-05-17 08:07 - 89593854 _____ C:\Users\VanessaundUwe\Downloads\Vegetarian Times - June 2016.pdf
2016-05-16 09:01 - 2016-05-16 09:02 - 02382336 _____ (Farbar) C:\Users\VanessaundUwe\Desktop\FRST64.exe
2016-05-12 09:38 - 2016-05-12 09:38 - 00005012 _____ C:\Users\VanessaundUwe\Documents\cc_20160512_093824.reg
2016-05-12 08:25 - 2016-05-12 08:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-05-12 08:25 - 2016-05-12 08:25 - 00001216 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-05-12 08:25 - 2016-05-12 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-05-11 13:10 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 13:10 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 13:10 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 13:10 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 13:10 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 13:10 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 13:09 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 13:09 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 13:09 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 13:09 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 13:09 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 13:09 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 13:09 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 13:09 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 13:08 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 13:08 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 13:08 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 13:08 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 13:08 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 13:08 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 13:08 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 13:08 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 13:08 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 13:08 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 13:08 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 13:08 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 13:08 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 13:08 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 13:08 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 13:08 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 13:08 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 13:08 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 13:08 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 13:08 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 13:08 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 13:08 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 13:08 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 13:08 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 13:08 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 13:08 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 13:08 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 13:08 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 13:08 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 13:08 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 13:08 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 13:08 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 13:08 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 13:08 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 13:08 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 13:08 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 13:08 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 13:07 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 13:07 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 13:07 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 13:07 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 13:07 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 13:07 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 13:07 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 13:07 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 13:07 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 13:07 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 13:07 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 13:07 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 13:07 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 13:07 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 13:07 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 13:07 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 13:07 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 13:07 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 13:07 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 13:07 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 13:07 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 13:07 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 13:07 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 13:07 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 13:07 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 13:07 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 13:07 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 13:07 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 13:07 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 13:07 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 13:07 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 13:07 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 13:07 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 13:07 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 13:07 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 13:07 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 13:07 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 13:07 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 13:07 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 13:07 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 13:07 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 13:07 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 13:07 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 13:07 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 13:07 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 13:07 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 13:07 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 13:07 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 13:07 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 13:07 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 00:01 - 2016-05-18 12:32 - 00000000 ____D C:\FRST
2016-05-09 22:54 - 2016-05-18 11:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 22:54 - 2016-05-18 11:33 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-09 22:54 - 2016-05-18 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-05-18 11:33 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-09 22:54 - 2016-05-09 22:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 22:54 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-09 22:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-07 10:44 - 2016-05-07 10:44 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\dvdcss
2016-05-06 17:29 - 2016-05-09 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-03 13:33 - 2016-05-03 13:33 - 00007698 _____ C:\Users\VanessaundUwe\Documents\cc_20160503_133300.reg
2016-04-28 09:48 - 2016-04-28 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-04-28 09:47 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-04-28 09:46 - 2016-05-18 11:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-28 09:46 - 2016-04-28 10:01 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-04-28 09:46 - 2016-04-28 09:46 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-28 09:46 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-04-28 09:46 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-04-24 12:32 - 2016-04-24 12:36 - 00000000 ____D C:\Users\VanessaundUwe\Desktop\Fotos bearbeitet
2016-04-20 23:23 - 2016-04-20 23:23 - 00051038 _____ C:\Users\VanessaundUwe\Documents\cc_20160420_232306.reg

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-18 12:27 - 2015-10-06 17:37 - 00000000 ___RD C:\Users\VanessaundUwe\OneDrive
2016-05-18 12:02 - 2016-01-12 00:55 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{988C203C-45F5-47BA-B287-812777036600}
2016-05-18 11:38 - 2012-05-19 17:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-18 11:38 - 2012-05-18 21:32 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-18 11:32 - 2014-07-24 12:50 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Spotify
2016-05-18 11:27 - 2014-07-24 12:52 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Spotify
2016-05-18 11:23 - 2015-12-22 17:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-18 11:23 - 2015-12-22 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-18 11:23 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-18 11:21 - 2014-07-18 10:33 - 00000000 ____D C:\AdwCleaner
2016-05-17 21:39 - 2015-12-22 16:20 - 05109024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-17 21:38 - 2015-12-22 16:33 - 00000000 ____D C:\Users\UpdatusUser
2016-05-17 21:37 - 2015-12-22 16:33 - 00000000 ____D C:\Users\VanessaundUwe
2016-05-17 18:22 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-17 18:17 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-17 15:13 - 2011-10-28 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-17 15:12 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-17 15:12 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-17 15:08 - 2016-03-22 23:08 - 01014796 _____ C:\Users\VanessaundUwe\Downloads\Kultur ab Januar 2015.xlsx
2016-05-17 15:08 - 2015-10-06 17:46 - 00000000 ____D C:\Users\VanessaundUwe\Documents\Outlook-Dateien
2016-05-17 15:06 - 2012-08-28 14:14 - 00000000 ____D C:\Program Files\Adobe
2016-05-17 15:06 - 2011-10-27 21:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-17 15:05 - 2012-05-18 22:14 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Adobe
2016-05-17 15:05 - 2011-10-27 21:58 - 00000000 ____D C:\ProgramData\Adobe
2016-05-17 15:01 - 2013-04-26 20:20 - 00000000 ____D C:\Users\VanessaundUwe\Documents\My Digital Editions
2016-05-17 09:33 - 2015-12-22 19:03 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Packages
2016-05-17 07:43 - 2014-07-09 12:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Adobe
2016-05-16 21:22 - 2015-12-03 19:13 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\2016
2016-05-15 21:09 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 23:59 - 2012-06-17 14:32 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\vlc
2016-05-13 12:55 - 2016-01-14 15:43 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 12:55 - 2015-11-04 12:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 10:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 19:59 - 2011-10-27 22:02 - 00000000 ____D C:\ProgramData\Temp
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 20:24 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 17:11 - 2015-12-22 19:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 15:01 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 15:01 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 15:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 15:00 - 2015-10-06 16:05 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\JDownloader 2.0
2016-05-11 14:32 - 2013-08-15 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 14:16 - 2011-10-27 23:06 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 12:33 - 2016-02-02 19:15 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e
2016-05-11 12:33 - 2015-12-05 15:21 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job
2016-05-11 12:33 - 2012-05-18 21:32 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 07:58 - 2016-01-18 19:53 - 00000000 ____D C:\Program Files\KMSpico
2016-05-09 23:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-05-09 10:43 - 2012-05-19 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-07 10:43 - 2015-09-04 18:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-03 13:33 - 2014-08-08 08:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-03 13:31 - 2015-12-22 20:53 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\uTorrent
2016-04-30 15:51 - 2015-07-25 13:09 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Books
2016-04-28 14:21 - 2013-01-24 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-28 12:55 - 2015-12-22 16:31 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-28 12:55 - 2015-10-30 20:35 - 00889404 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-28 12:55 - 2015-10-30 20:35 - 00197452 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-28 10:15 - 2012-10-24 13:15 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-28 10:01 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-04-28 09:48 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-28 09:47 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default.migrated
2016-04-28 09:42 - 2012-10-24 13:20 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Roaming\Avira
2016-04-28 09:42 - 2012-10-24 13:15 - 00000000 ____D C:\ProgramData\Avira
2016-04-26 11:02 - 2015-12-22 19:12 - 00002451 _____ C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-25 17:44 - 2014-11-01 17:41 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Noch schauen
2016-04-23 17:11 - 2015-12-22 19:42 - 00000000 ____D C:\Users\VanessaundUwe\AppData\Local\Comms
2016-04-22 09:57 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 10:55 - 2014-12-02 13:40 - 00000000 ____D C:\Users\VanessaundUwe\Downloads\Zeitschriften 2015

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-11-23 21:03 - 2013-11-23 21:09 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-11-28 18:53 - 2014-03-25 16:16 - 0000132 _____ () C:\Users\VanessaundUwe\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2012-06-28 17:26 - 2013-05-09 15:16 - 0009216 _____ () C:\Users\VanessaundUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-10 18:45 - 2013-07-10 18:45 - 0000893 _____ () C:\Users\VanessaundUwe\AppData\Local\recently-used.xbel
2012-05-19 10:07 - 2012-05-19 10:07 - 0017408 _____ () C:\Users\VanessaundUwe\AppData\Local\WebpageIcons.db
2013-02-05 20:42 - 2013-03-29 14:28 - 0000032 _____ () C:\ProgramData\aceg.ini
2016-01-12 00:45 - 2016-01-12 00:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\VanessaundUwe\AppData\Local\Temp\libeay32.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\msvcr120.dll
C:\Users\VanessaundUwe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-14 14:42

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-18 12:35:46)
Gestartet von C:\Users\VanessaundUwe\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-22 17:01:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2663113073-2047370837-3390539344-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2663113073-2047370837-3390539344-503 - Limited - Disabled)
Gast (S-1-5-21-2663113073-2047370837-3390539344-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2663113073-2047370837-3390539344-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2663113073-2047370837-3390539344-1000 - Limited - Enabled) => C:\Users\UpdatusUser
VanessaundUwe (S-1-5-21-2663113073-2047370837-3390539344-1001 - Administrator - Enabled) => C:\Users\VanessaundUwe

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
calibre (HKLM-x32\...\{49FA2A5C-8FC3-4BD0-A244-CA01A9250E55}) (Version: 2.50.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{45B18FC7-3ECE-4F2B-99A8-370886AB8238}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{1502BB1F-7870-4DC9-9178-65CFE00D070C}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series - Grundlegende Software für das Gerät (HKLM\...\{DCCF150E-E0CA-4C1E-BD81-207DB6BE2A86}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Hilfe (HKLM-x32\...\{99C52AB4-FBA3-4C12-9AC3-B19A3421EB96}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
NVIDIA 3D Vision Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.64 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Remote Control Input Device Registry Key (HKLM-x32\...\{91EB0B20-08B0-4905-88FB-020952B9979F}) (Version: 1.1.0.0.081231 - Chicony)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Studie zur Verbesserung von HP OfficeJet 3830 series (HKLM\...\{0BE77456-9F9E-41FA-8914-01940B20AEA8}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5C677DD3-45D9-4B10-8591-5F8CEA76BAE0}) (Version: 1.12.16 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.16 - Texas Instruments Inc.) Hidden
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2663113073-2047370837-3390539344-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D316AB7-1416-48C9-BE2F-98E44E0638A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {13548292-62B5-46FE-901A-32171AC7C7CA} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {13C04E78-85A3-4EAB-8EC1-4D75A697776D} - System32\Tasks\{415ED4F3-D631-4EE6-AB81-303998C830FB} => pcalua.exe -a C:\Users\VanessaundUwe\Downloads\ADE_2.0_Installer.exe -d C:\Users\VanessaundUwe\Downloads
Task: {23932692-5781-482C-BE4E-010CF5CF399C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {3A8D8438-08A6-4DFB-B760-90737F10D2A6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {51696F76-C61C-45B2-A66E-EB797979E925} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {727E0394-47CD-4326-9878-51DCE9BDA933} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {819CC8D0-B527-433F-9E94-83F3FED315E3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {86C11EBC-5923-4224-8C9C-AEAC67C4A609} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8A26074E-D9A2-46A1-926B-2CD6439E0EB7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8B83154D-73CF-4435-ABEB-96C6214BD09D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8EFFED3C-9DA9-401D-AD9C-61FD3A63F98A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {8F0E5EFB-D820-4DEA-A1D5-8B6237FEBF7B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9CBBE4A7-E823-45D3-AEAB-E20865E1F264} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9D3DB79D-C891-41AE-B24E-32BE9900DA22} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {9F32AA2E-358A-4EC1-B044-761AA6BFFB94} - System32\Tasks\AutoPico Daily Restart => C:\Program
Task: {A2A7F146-C77A-4233-8C31-D192AF2D5591} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {AAB08C40-22FD-4126-84F4-86755786F394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {B16E35C8-ECC6-4B42-AA66-B1B9248E5478} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B2851EE3-BFA4-47A4-AFC2-114F3C194922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9CC01BC-768A-4946-AFDB-F6A551A40F00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {B9DF69B4-AE35-4B57-9B92-FFE592D550FE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BC1A3F70-620E-4779-85B3-7ECE889A1DDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {BCCF0E08-B171-4189-9247-F3E434294369} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {C08B53D2-E793-49B9-B320-3C1C4EFAE8CA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C3FD7451-62AC-4654-AF99-DAA95E98F41B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C6A099CD-5D34-4EDB-B614-CAF872E4E2F5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C7BA2836-6C8C-47F8-9A90-E43904B236AA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CAAAE44E-0401-4EDF-B01F-CC3DBA876ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {CCE0DFF5-D617-41DC-9762-FE8A6F2848C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CFC89B44-7826-4C50-B7A1-ECFE371E3767} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D5395A54-7A70-4614-94AA-D0CA988038E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E09D943B-BA56-45AA-B5DB-C91C66EB995D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E146F8D9-BEFB-4450-B673-D136F6ECDACE} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3EB8754-FFD1-4D73-942B-F8C7ACAB2F34} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F1774640-2B6A-43C5-9603-E8FA3AA41FA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F4F6A6FD-9D1A-44F0-8C26-8B298597FF54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {FB4F02EA-7AD0-46E6-9D4D-76E82CC953A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8c54ebfada4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfec34e7a76bd3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002672f1337.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04241b9fd81d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092e5d4782a0f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c00ad2e94d9a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e5527337fb41.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef9ff94fb37b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12f5fdf08843e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-05-29 08:29 - 2015-05-29 08:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:42 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\FileZilla\fzshellext_64.dll
2016-04-26 11:02 - 2016-04-26 11:02 - 00959176 _____ () C:\Users\VanessaundUwe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-22 16:12 - 2015-12-22 16:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 13:07 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 13:08 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 13:08 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 13:09 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:31 - 2016-04-19 17:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00039384 _____ () C:\FileZilla\fzshellext.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [144]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-17 22:04 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2663113073-2047370837-3390539344-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VanessaundUwe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Spotify => "C:\Users\VanessaundUwe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C0374123-E3D0-4A2A-AF23-FD7B330516D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{832DE091-A393-41A0-9069-16CED42A908F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10B4D7B3-35E5-4BCB-9AF0-570C332970A6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{08F98417-32F4-4506-9A75-46379350B106}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{1C533923-8746-4213-AA9F-E8CB87B8FB54}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E981DB15-4E39-4BAD-987F-C4227C2BA066}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{25AF93FC-F6D1-4242-A385-DB3EC143D466}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{224F2EAB-9D65-48F8-B527-63AF3C0AAD06}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{4B89F019-378D-4CB6-AF92-2CB1E1BF3207}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9ECFE6F4-A7AD-4296-B3E7-254C8E0CB697}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23F69F7A-AFE4-41CC-AED3-FFDD201F5CAB}] => (Allow) LPort=1900
FirewallRules: [{53E576F4-684D-46C6-9AD8-E62974FB99FE}] => (Allow) LPort=2869
FirewallRules: [{04B2E412-4BC1-4D51-B629-6AB6A2708D43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{295DE74C-4A72-4955-8559-CA6D38EA6457}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [TCP Query User{1903870F-8668-4200-9D1B-3C30D813485A}C:\vlc\vlc.exe] => (Allow) C:\vlc\vlc.exe
FirewallRules: [UDP Query User{9F5C1EC9-68F2-424D-99B3-B7D370048090}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB4F2111-5868-48FB-BFB3-49AA9B1B7B16}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{99AE0AFB-72CD-4AB1-BFD7-28DB3E88CBF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{42F4F9E3-49D0-4D69-85C9-3DD660CA0258}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [UDP Query User{8ED785C4-8B67-48AB-9E1F-E9FB0E017845}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5C89C82A-ED44-4302-AADE-600262D3F135}C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanessaunduwe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B3BA98C-6E3A-4CE5-9464-40DCE9710926}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{882E49E9-1721-48A8-B10B-EDD92CB1198A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D72B193E-DAA6-4947-B0DD-79B43E88826F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{60633C33-6005-4E69-8984-5F2785A192B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{E20DBD12-083A-4C7B-B048-62F51DC45532}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{4C65B3D6-E289-4DC8-A7A1-E03D336E0E43}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0263B9A6-98AB-4676-AF80-27916C59B382}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CC1AA41-6D1F-4258-8042-0969C72B17C3}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A71B376F-DC00-4E8A-9BC6-8093C38BBFF6}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAE79E6F-A72E-4A3A-8155-B528862C291D}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C326D4F1-8F94-4F87-8F5B-9317EE17B4E5}] => (Allow) C:\Users\VanessaundUwe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC80BE6C-A741-45B4-A4A5-1879FEB76882}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{AE9EFAA9-1162-46C4-817D-9EEFF821368E}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{73783793-F380-43CB-A272-15E66D1134DE}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{8FB56B48-9C7F-47F5-B214-5EE0DF650E21}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{BB8FBFC3-E065-48F3-81DF-BFF4C15594D0}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{3DB49462-9751-401C-A35E-DF3ADE4EE293}] => (Allow) LPort=5357
FirewallRules: [{C7D4D1AD-7D2C-46FA-840D-077F4D87041D}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EC315F3-0EA3-4114-86CB-20666CF4E12D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A695BB64-DB01-4FD7-9369-1730B175811C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{95E1AA2A-0E74-425D-9787-CCD2A9520AB6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D110AE22-413C-45CD-9996-CAC107C4EE01}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

==================== Wiederherstellungspunkte =========================

07-05-2016 13:25:51 Geplanter Prüfpunkt
09-05-2016 23:52:40 JRT Pre-Junkware Removal
15-05-2016 21:05:53 Windows Update
17-05-2016 20:33:45 OpenOffice 4.1.2 wird installiert
18-05-2016 12:26:33 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/18/2016 12:27:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (05/18/2016 12:26:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x2114
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/18/2016 12:25:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x840
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (05/18/2016 12:09:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AutoPico.exe, Version: 5.4.0.0, Zeitstempel: 0x52157dfb
Name des fehlerhaften Moduls: clr.dll, Version: 4.6.1080.0, Zeitstempel: 0x570c4ace
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00000000000073e3
ID des fehlerhaften Prozesses: 0x21cc
Startzeit der fehlerhaften Anwendung: 0xAutoPico.exe0
Pfad der fehlerhaften Anwendung: AutoPico.exe1
Pfad des fehlerhaften Moduls: AutoPico.exe2
Berichtskennung: AutoPico.exe3
Vollständiger Name des fehlerhaften Pakets: AutoPico.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AutoPico.exe5

Error: (05/18/2016 12:09:46 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0x80070057
Teil-Pkey=?
ACID=?
Genauer Fehler[?]

Error: (05/18/2016 12:09:46 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0x80070057
Teil-Pkey=?
ACID=?
Genauer Fehler[?]

Error: (05/18/2016 12:09:46 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0x80070057
Teil-Pkey=?
ACID=?
Genauer Fehler[?]

Error: (05/18/2016 12:09:46 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0x80070057
Teil-Pkey=?
ACID=?
Genauer Fehler[?]

Error: (05/18/2016 12:09:46 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0x80070057
Teil-Pkey=?
ACID=?
Genauer Fehler[?]

Error: (05/18/2016 12:09:46 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0x80070057
Teil-Pkey=?
ACID=?
Genauer Fehler[?]


Systemfehler:
=============
Error: (05/18/2016 12:27:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/18/2016 12:26:05 PM) (Source: DCOM) (EventID: 10005) (User: ANUKET)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (05/18/2016 12:26:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/18/2016 12:26:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (05/18/2016 12:25:25 PM) (Source: DCOM) (EventID: 10005) (User: ANUKET)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (05/18/2016 12:25:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/18/2016 12:25:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (05/18/2016 11:31:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (05/18/2016 11:30:28 AM) (Source: DCOM) (EventID: 10005) (User: ANUKET)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (05/18/2016 11:30:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


CodeIntegrity:
===================================
  Date: 2016-05-17 22:21:16.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-17 22:21:16.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-17 22:21:16.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-16 20:13:23.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-16 08:24:55.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 08:37:29.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:29.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:26.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-12 08:37:15.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VanessaundUwe\AppData\Local\Temp\trutil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2136.62 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6166.05 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:394.66 GB) (Free:90.9 GB) NTFS
Drive d: (Recover) (Fixed) (Total:70 GB) (Free:40.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DA1342C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=394.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

M-K-D-B · 18.05.2016, 15:14

Servus,

wir entfernen die letzten Reste und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Winlogon: [Shell] C:\ProgramData\hardness-79\hardness-27.exe -5,explorer.exe <==== ACHTUNG
C:\ProgramData\hardness-79
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von HitmanPro,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

Librarios · 19.05.2016, 07:37

Moin Matthias,

anbei die Logfiles:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von VanessaundUwe (2016-05-18 18:49:07) Run:3
Gestartet von C:\Users\VanessaundUwe\Desktop
Geladene Profile: UpdatusUser & VanessaundUwe (Verfügbare Profile: UpdatusUser & VanessaundUwe)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\...\Winlogon: [Shell] C:\ProgramData\hardness-79\hardness-27.exe -5,explorer.exe <==== ACHTUNG
C:\ProgramData\hardness-79
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-2663113073-2047370837-3390539344-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Wert erfolgreich entfernt
"C:\ProgramData\hardness-79" => nicht gefunden.
EmptyTemp: => 178 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:49:15 ====

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7982bf1c05bfe6419c5f23fecbc26b21
# end=init
# utc_time=2016-05-18 05:11:24
# local_time=2016-05-18 07:11:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29513
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7982bf1c05bfe6419c5f23fecbc26b21
# end=updated
# utc_time=2016-05-18 05:14:31
# local_time=2016-05-18 07:14:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7982bf1c05bfe6419c5f23fecbc26b21
# engine=29513
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-18 10:18:58
# local_time=2016-05-19 12:18:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1306 16777213 100 100 19663 27832190 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47410 17424081 0 0
# scanned=244307
# found=78
# cleaned=0
# scan_time=18267
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir"
sh=0E7CC420B0BE38296EF8516DC3786361119F1F5F ft=1 fh=02f58beb2edcfbd2 vn="Win32/AlteredSoftware.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir"
sh=A565AA91F7873179776579995E9F4D2B2894AE5A ft=1 fh=22e3a81795d8fb05 vn="Variante von Win32/AlteredSoftware.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir"
sh=F1A0D0D29F924A24AF0F0521CF6F9A9150A10ECC ft=1 fh=22e3a817befc6b5a vn="Variante von Win32/AlteredSoftware.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir"
sh=6EF70363E6C4EB77DAEB4A7F90EACCF07CCCBFEC ft=1 fh=c71c001192caf50d vn="Win32/AlteredSoftware.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir"
sh=8C10EB6850C145E57F1D3C42C987DA20D3E667DB ft=1 fh=d9cdf1c8ff17595a vn="Variante von Win32/AlteredSoftware.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir"
sh=EBE901FC9EAFBBB0FBBF57388F456C0D4CE259C9 ft=1 fh=c71c0011fea7552e vn="Variante von Win32/AlteredSoftware.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir"
sh=EDB4A6C7E75E18ACB805418EFFD78267BB2F37C4 ft=1 fh=c71c001126306ac8 vn="Variante von Win32/AlteredSoftware.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir"
sh=CF59E8174BBD4D78634E4948B45F5C7BE0B6FFCF ft=1 fh=3966826d47bc5a39 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hosts\hosts-bho64.dll.vir"
sh=C375149DD32A9A7AA6A73A52CD72CFDF0CC3C41C ft=1 fh=c71c00113f60402f vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hosts\hosts-buttonutil.dll.vir"
sh=0D4035E79F089ECEF3749B0F0F154843A5ADB3D6 ft=1 fh=f3fd0242b69965f6 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hosts\hosts-buttonutil64.dll.vir"
sh=DEB32C4F0894905A626BB3F5C107BE730D78B589 ft=1 fh=a4d2b54acd6bcbc4 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hosts\hosts-buttonutil64.exe.vir"
sh=1A16640F4BA4C75F77D2CFBCCE4BB8DF28D5AB50 ft=1 fh=153db0a8e9d377e3 vn="Win32/Packed.VMDetector.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hosts\Uninstall.exe.vir"
sh=5D8FCFFC982C8A3B13173E63B9E41EAE6E85CE31 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\database1_0_0.json.vir"
sh=0CACF65C99062D1F6839DA2755D4437B85B98627 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir"
sh=EA043247F0C7F42154CA6ACE4CFF5912BE0BED7C ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir"
sh=5D8FCFFC982C8A3B13173E63B9E41EAE6E85CE31 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.37.0.199\database1_0_0.json.vir"
sh=529409B527AE0E1FA55B0B2FCB0A26F9ACD51A2E ft=1 fh=b82f6564c99a0e42 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\engine.dll.vir"
sh=71C3ECDAF9BCBF19C4BF9B9154257CD9DC52D4DE ft=1 fh=ac17c8b2c65b7d03 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\helper.dll.vir"
sh=917E94C411F808A84FFDB02AEBA3899E0F31D663 ft=1 fh=cf8b93dcf802a948 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\ipc.dll.vir"
sh=DD07F8FF5BF422D6FEAA22EADD71F94CB53C0182 ft=1 fh=1771a0a747c348da vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\Res.dll.vir"
sh=CE9DC084B057829C337EB2DE93C4164AFDBBD618 ft=1 fh=153f08e79348d5cb vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\testlsp.exe.vir"
sh=778BE66BCDD5E9B949B34D6EE9FA306FF88EAC60 ft=1 fh=cfc3af82ed02f203 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\unelevate.exe.vir"
sh=F78F45870F68C54EB2F72E466991E30027B41BB1 ft=1 fh=c71c0011ae148a5a vn="Variante von Win32/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\Updater.exe.vir"
sh=727203B26507CDB3958AC253CA5DC67E4FFA93C8 ft=1 fh=945bb9dda31087a4 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\xmldb.dll.vir"
sh=85E95C32BB795CB1AE188AC5A770341E734E2B73 ft=1 fh=3fdeb359b65d58e9 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe.vir"
sh=7B44E18E2CD5C955B7BCAC69D036B9DE96919CDB ft=1 fh=c7c465a8ff54c3da vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe.vir"
sh=1DA5AD4B9CAA904F538EEDDF01BB24A3574FE419 ft=1 fh=1f19ec1c8b46e563 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\YTAHUninstall.exe.vir"
sh=FCDAA60ED70ED2AE77B2C587E205C65623666B8A ft=1 fh=a3b88d6bc9ba03a7 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\ytalsp.dll.vir"
sh=5231648B4BF178EE67C027BB5835E24D863A45AD ft=1 fh=d18b4b77c749f8ee vn="Variante von Win32/SBWatchman.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe.vir"
sh=2D043DCA07EEB88147C959D435F13383B100A232 ft=1 fh=dd8d99e6db1a9696 vn="Variante von Win32/SBWatchman.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTAHelper\SPRemove.exe.vir"
sh=25B0D10131D7E6CE06C35FC17D35FBC0155E3B92 ft=1 fh=be8ecd58c861b44a vn="Variante von Win32/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTAHelper\YTAHelper.dll.vir"
sh=8C84AA91503F55C311397D797115A8E71932F0D2 ft=1 fh=81a7e72cd3366518 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTAHelper\YTAHelper64.dll.vir"
sh=C45212EE737187F879F34651004F8B1EBBE6E1A5 ft=1 fh=e8c47c9c9fdf109b vn="Win64/ShopperPro.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTAHelper\JSDriver\jsdrv.sys.vir"
sh=5D8FCFFC982C8A3B13173E63B9E41EAE6E85CE31 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\database1_0_0.json.vir"
sh=25B0D10131D7E6CE06C35FC17D35FBC0155E3B92 ft=1 fh=be8ecd58c861b44a vn="Variante von Win32/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\YTAHelper\YTAHelper.dll.vir"
sh=8C84AA91503F55C311397D797115A8E71932F0D2 ft=1 fh=81a7e72cd3366518 vn="Variante von Win32/SBWatchman.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\YTAHelper\YTAHelper64.dll.vir"
sh=DD6FCCEDC3FD751B163389DB9F1C3BC91CFDADC0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=3B861553E2E5AB5258BAE46D7A6FD4EAE9705B69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\19_CHAppAPIWrapper.js.vir"
sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\1_base.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\21_debug.js.vir"
sh=9968E7101A0C09D5340EE60D45B074AB1C8302C2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.S evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\22_resources.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\64_appApiMessage.js.vir"
sh=02E56AAFE10A8928A4C7E6CE7AC4AD724982177A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.N evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\extensionData\plugins\97_resourceApiWrapper.js.vir"
sh=712BF29726C0BD86DF7199F352E8A5712FCC4888 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\background.js.vir"
sh=217BF64EC5C0F57FC5B0433381F5B95B0E9B8275 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.S evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\main.js.vir"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\api\chrome.js.vir"
sh=0D01342DDB5A9F7675623FB5C025962E25A56075 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\api\cookie.js.vir"
sh=FD2A3FEFF97D325433D2011C5ED5755B6D6A8FAA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\api\message.js.vir"
sh=CA4563F63D05349DF3C504C456185B7559177496 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\bg_app_api.js.vir"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\cookie_store.js.vir"
sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\crossriderAPI.js.vir"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\events.js.vir"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\onBGDocumentLoad.js.vir"
sh=09D5AE4A80F65C6B9123A1F494E3E181BF3C46FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\reports.js.vir"
sh=BE038417E468CAA3BBA91CFFD2F554922504407C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\util.js.vir"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.26.104_0\js\lib\xhr.js.vir"
sh=E0B3E8879FCE6F7DBEF9FF7F3565634DE39185D1 ft=1 fh=87edca75966e4e29 vn="Win32/Somoto.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\webplayer\Uninstall.exe.vir"
sh=4C1A2BEACA0702A3EA3EF5005CD064605850813E ft=1 fh=c71c0011871ed107 vn="Win32/Somoto.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Local\webplayer\AppsHat\WebPlayer.exe.vir"
sh=B0771A929A9624C256B45124E6F0C999707380E8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\xhr.js.vir"
sh=F2B6C01B0C8E3FDDC1D1FF717405839AF5E87C45 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\1_base.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\21_debug.js.vir"
sh=9968E7101A0C09D5340EE60D45B074AB1C8302C2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.S evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\22_resources.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=5D8FCFFC982C8A3B13173E63B9E41EAE6E85CE31 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\database1_0_0.json.vir"
sh=EA043247F0C7F42154CA6ACE4CFF5912BE0BED7C ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\Mozilla\Firefox\Profiles\z7otxyyl.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir"
sh=92962813AB03375D06DEEC70F8B145DFD7444489 ft=1 fh=be60b5ebbf004ae2 vn="Variante von Win32/SpeedUpMyPC.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\OpenCandy\C685006B10964277BD451AF946908138\speedupmypcDE.exe.vir"
sh=9CE7CAB0E90C9116073463BD29302A47E8865150 ft=1 fh=a231b81eed0aed7a vn="Variante von Win32/Kryptik.EXNU Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\adhesion-8\adhesion-26.exe"
sh=B97F71C079DBA93138DBC4DE8216C95DAE9365C7 ft=1 fh=989b7c0349de3072 vn="Variante von Win32/Kryptik.EXPI Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\hardness-79\hardness-27.exe"
sh=2661334264C77EA06500B2B7EABAD079D18E33F1 ft=1 fh=e75739334fb510e0 vn="Variante von Win32/Kryptik.EXPI Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\meson-0\meson-2.exe.xBAD"
sh=F4C9795DDFB79BE132817EC7F991537853AC8EE1 ft=1 fh=c71c001103a2644d vn="Variante von Win32/AdWare.RegTweaker.A Anwendung" ac=I fn="C:\Program Files (x86)\RegTweaker\RegTweaker.exe"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe"

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : ANUKET
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : ANUKET\VanessaundUwe
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-05-19 08:13:03
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 5
   Traces  . . . . . . . : 7

   Objects scanned . . . : 1.930.466
   Files scanned . . . . : 64.549
   Remnants scanned  . . : 479.302 files / 1.386.615 keys

Malware _____________________________________________________________________

   C:\FRST\Quarantine\C\ProgramData\adhesion-8\adhesion-26.exe
      Size . . . . . . . : 611.416 bytes
      Age  . . . . . . . : 1.4 days (2016-05-17 21:40:40)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 46203B92630CBE59F4EF1EF5F63FB08F33297E2D214525C0D71160BDE1F4C393
      RSA Key Size . . . : 1024
      Authenticode . . . : Invalid
    > Bitdefender  . . . : Trojan.Agent.BTIM
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 136.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\C\ProgramData\adhesion-8\
          0.0s C:\FRST\Quarantine\C\ProgramData\adhesion-8\adhesion-26.exe

   C:\FRST\Quarantine\C\ProgramData\hardness-79\hardness-27.exe
      Size . . . . . . . : 812.032 bytes
      Age  . . . . . . . : 1.7 days (2016-05-17 16:20:36)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 3110FD89C2A3C8299A9D430B9DBB401681E13C90021D4D4AFBC543906ED3640E
      Product  . . . . . : ReGet2
      Publisher  . . . . : ReGet Software
      Description  . . . : ReGet 2.2
      Version  . . . . . : 2,2,0,265
      Copyright  . . . . : Copyright (c) 1996-2005 by ReGet Software (support@reget.com)
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Gen:Variant.Adware.Razy.56200
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\C\ProgramData\hardness-79\
          0.0s C:\FRST\Quarantine\C\ProgramData\hardness-79\hardness-27.exe
          1.9s C:\ProgramData\Kaspersky Lab\AVP16.0.0\SysWHist\file_cache\fb7f9372ffdbc82526395968497e648e.bin

   C:\FRST\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\bionics-3\bionics-53.exe
      Size . . . . . . . : 767.488 bytes
      Age  . . . . . . . : 1.8 days (2016-05-17 13:20:54)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : 4BA2D1D7367515B976E04E800A8E1A2AA1D2378CDB8BD1AF42B020460F15915A
      Version  . . . . . : 1.0.0.0
    > Bitdefender  . . . : Trojan.Agent.BTII
    > Kaspersky  . . . . : Trojan.Win32.Waldek.nwm
      Fuzzy  . . . . . . : 109.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\bionics-3\
          0.0s C:\FRST\Quarantine\C\Users\VanessaundUwe\AppData\Roaming\bionics-3\bionics-53.exe
          0.5s C:\ProgramData\Kaspersky Lab\AVP16.0.0\SysWHist\file_cache\53a997a49e1b38823eaea2643b121356.bin

   C:\Program Files\KMSpico\AutoPico.exe
      Size . . . . . . . : 517.120 bytes
      Age  . . . . . . . : 121.5 days (2016-01-18 19:53:54)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 7AE00B292E7196E05E1666FBF64FA079CD605E33058E2957088B97CDFCE68BB8
      Needs elevation  . : Yes
      Product  . . . . . : AutoPico
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.Dropper.VQK
      Fuzzy  . . . . . . : 106.0
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk

   C:\ProgramData\KMSAutoS\KMSAuto Net.exe
      Size . . . . . . . : 6.977.272 bytes
      Age  . . . . . . . : 225.6 days (2015-10-06 17:49:55)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 69A8AE6352CFFD366409DF8E566E84315B4BFFCF5865A4B8079C446123BA1D26
      Needs elevation  . : Yes
      Product  . . . . . : KMSAuto Net
      Publisher  . . . . : MSFree Inc.
      Description  . . . : KMSAuto Net
      Version  . . . . . : 1.3.8
      RSA Key Size . . . : 1024
      LanguageID . . . . : 0
      Authenticode . . . : Self-signed
    > Bitdefender  . . . : Application.Hacktool.ME
      Fuzzy  . . . . . . : 105.0


Suspicious files ____________________________________________________________

   C:\Users\VanessaundUwe\Desktop\FRST64.exe
      Size . . . . . . . : 2.382.336 bytes
      Age  . . . . . . . : 3.0 days (2016-05-16 09:01:56)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 85935D11765EB841A719AF85915D35861444F041C078C58774D682F391EDCD45
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

17.05.2016, 20:27	#8
M-K-D-B /// TB-Ausbilder	Windows 10: Onlinebanking und angebliche "Fehlüberweisung" Servus, bitte FRST nochmal zur Kontrolle: Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen. FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt). Poste mir beide Logdateien mit deiner nächsten Antwort.

Windows 10: Onlinebanking und angebliche "Fehlüberweisung"

Plagegeister aller Art und deren Bekämpfung: Windows 10: Onlinebanking und angebliche "Fehlüberweisung"