Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.12.2015, 19:35   #1
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Hallo Trojaner-Board,

ich glaube mir was eingefangen zu haben. Nach dem Hochfahren erhalte ich zwei ähnliche Fehlermeldungen, die Run DLL betreffen: Problem beim Starten von VideoCall.dll und bdyp.dll - Das angegebene Modul wurde nicht gefunden.

Ich hoffe mir kann hier jemand weiterhelfen.

Vielen Dank

Alt 01.01.2016, 14:21   #2
M-K-D-B
/// TB-Ausbilder
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 01.01.2016, 14:44   #3
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Logfiles



Hallo Matthias,

vielen Dank für deine Hilfe! Hier die Logfiles:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Imre (administrator) on LENOVO-G710 (01-01-2016 14:31:06)
Running from C:\Users\Imre\Desktop
Loaded Profiles: Imre & UpdatusUser (Available Profiles: Imre & UpdatusUser)
Platform: Windows 10 Pro Version 1511 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-09-03] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-12] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1856184 2015-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27888296 2015-11-18] (Microsoft Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-253609680-664229831-636946120-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8a330995-3d46-434b-845d-143a4014b084}: [NameServer] 134.95.127.1,134.95.9.74
Tcpip\..\Interfaces\{e4711dd0-76b8-4f0d-9a42-dbf93871a84c}: [DhcpNameServer] 80.69.100.108 80.69.100.204

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-253609680-664229831-636946120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpngate.uni-koeln.de/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Imre\AppData\Roaming\Mozilla\Firefox\Profiles\civ9thwh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-09-13] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\432D46648BB2740E3F334A083E170B17432D [2015-12-30] <==== ATTENTION

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-12] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-16] (Disc Soft Ltd)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-04] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8874712 2013-09-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
R3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 14:31 - 2016-01-01 14:31 - 00016704 _____ C:\Users\Imre\Desktop\FRST.txt
2016-01-01 14:30 - 2016-01-01 14:31 - 00000000 ____D C:\FRST
2016-01-01 14:29 - 2016-01-01 14:29 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Imre\Desktop\tdsskiller.exe
2016-01-01 14:28 - 2016-01-01 14:28 - 02370560 _____ (Farbar) C:\Users\Imre\Desktop\FRST64.exe
2015-12-31 18:52 - 2015-12-31 18:57 - 00000000 ____D C:\Users\Imre\Desktop\SysinternalsSuite
2015-12-31 18:17 - 2015-12-31 18:42 - 00000000 ____D C:\AdwCleaner
2015-12-30 18:40 - 2015-12-30 18:40 - 22908888 _____ (Malwarebytes ) C:\Users\Imre\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-12-30 14:38 - 2015-12-30 14:38 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-30 14:38 - 2015-12-30 14:38 - 00000000 ____D C:\Program Files\CCleaner
2015-12-30 14:37 - 2015-12-30 14:37 - 00003290 _____ C:\WINDOWS\System32\Tasks\Sunrise
2015-12-30 14:26 - 2015-12-30 14:29 - 00023712 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2015-12-30 14:26 - 2015-12-30 14:26 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2015-12-30 14:26 - 2015-12-30 14:26 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-30 14:25 - 2015-12-30 14:25 - 00003242 _____ C:\WINDOWS\System32\Tasks\Video Call
2015-12-30 14:25 - 2015-12-30 14:25 - 00003234 _____ C:\WINDOWS\System32\Tasks\Video Call2
2015-12-30 14:24 - 2015-12-30 14:23 - 00001886 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-30 14:20 - 2015-12-30 14:42 - 00000000 ____D C:\Users\Imre\AppData\Local\Omrkics
2015-12-30 14:16 - 2015-12-30 20:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2015-12-29 15:13 - 2015-12-29 15:13 - 06968048 _____ (IvoSoft) C:\Users\Imre\Desktop\ClassicShellSetup_4_2_5.exe
2015-12-29 14:06 - 2015-12-29 14:06 - 00026058 _____ C:\Users\Imre\Desktop\Schreiben Vermieter.pdf
2015-12-29 13:12 - 2015-12-30 14:48 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-18 16:24 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 16:24 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 16:24 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 16:24 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 16:24 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 16:24 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 16:24 - 2015-12-07 05:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 16:24 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 16:24 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 16:24 - 2015-12-07 05:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 16:24 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 16:24 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 16:24 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 16:24 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 16:24 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 16:24 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 16:24 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 16:24 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 16:24 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 16:24 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 16:24 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 16:24 - 2015-12-07 04:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 16:24 - 2015-12-07 04:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 16:24 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 16:24 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 16:24 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 16:24 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 16:24 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 16:23 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 16:23 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 16:23 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 16:23 - 2015-12-07 05:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 16:23 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 16:23 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 16:23 - 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 16:23 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 16:23 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 16:23 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 16:23 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 16:23 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 16:23 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 16:23 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 16:23 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 16:23 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 16:23 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 16:23 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 16:23 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 16:23 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 16:23 - 2015-12-07 04:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 16:23 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 16:23 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 16:23 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 16:23 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 16:23 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 16:23 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 16:23 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-15 23:06 - 2015-12-15 23:06 - 00000000 ____D C:\Users\Imre\AppData\Roaming\IDT
2015-12-15 22:59 - 2015-12-15 22:59 - 00000000 ____D C:\Users\Imre\AppData\Local\ElevatedDiagnostics
2015-12-15 21:16 - 2015-12-15 21:16 - 00247450 _____ C:\Users\Imre\Desktop\Malte Willer - Der Wahrheitsbegriff in Martin Heideggers Sein und Zeit.pdf
2015-12-15 21:03 - 2015-12-30 14:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-12 14:25 - 2015-12-12 14:38 - 00000000 ____D C:\Users\Imre\Desktop\Bloch Wörtebuch
2015-12-11 22:38 - 2015-12-11 22:36 - 01507612 _____ C:\Users\Imre\Desktop\07. Josef Seifert - Was ist Philosophie. Die Antwort der Realistischen Phänomenologie.pdf
2015-12-10 20:22 - 2015-12-10 20:22 - 05524211 _____ C:\Users\Imre\Desktop\Sabine Obermaier - Tiere und Fabelwesen im Mittelalter.pdf
2015-12-10 18:19 - 2015-12-10 18:19 - 03461629 _____ C:\Users\Imre\Desktop\Johannes Hübner - Einführung in die theoretische Philosophie.pdf
2015-12-10 17:25 - 2015-12-10 17:37 - 00000000 ____D C:\Users\Imre\Desktop\Kuno Lorenz
2015-12-10 16:34 - 2015-12-10 16:34 - 02720698 _____ C:\Users\Imre\Desktop\Fragmenta · Fragmente.pdf
2015-12-10 16:25 - 2015-12-10 16:25 - 14278318 _____ C:\Users\Imre\Desktop\Ludger Hoffmann - Sprachwissenschaft. Ein Reader.pdf
2015-12-09 22:48 - 2015-12-09 22:48 - 00899384 _____ C:\Users\Imre\Desktop\[Dan_Zahavi]_The_Oxford_Handbook_of_Contemporary_P(BookZZ.org).zip
2015-12-08 20:19 - 2015-12-31 19:03 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-12-08 19:42 - 2015-12-08 19:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-08 19:30 - 2015-12-01 08:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 19:30 - 2015-11-24 13:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 19:30 - 2015-11-24 12:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 19:30 - 2015-11-24 11:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 19:30 - 2015-11-24 11:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-08 19:30 - 2015-11-24 10:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-08 19:30 - 2015-11-24 10:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 19:30 - 2015-11-24 10:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-08 19:30 - 2015-11-24 10:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 19:30 - 2015-11-24 10:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 19:30 - 2015-11-24 10:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 19:30 - 2015-11-24 10:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 19:30 - 2015-11-24 09:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 19:30 - 2015-11-24 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 19:30 - 2015-11-24 09:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-08 19:30 - 2015-11-24 09:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 19:30 - 2015-11-24 09:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 19:30 - 2015-11-24 09:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 19:30 - 2015-11-24 09:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 19:30 - 2015-11-24 08:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 19:30 - 2015-11-24 08:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 19:30 - 2015-11-24 08:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 19:30 - 2015-11-24 08:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 19:30 - 2015-11-24 08:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 19:30 - 2015-11-24 08:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 19:30 - 2015-11-24 08:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 19:30 - 2015-11-24 08:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 17:01 - 2015-12-08 17:01 - 00231192 _____ C:\Users\Imre\Desktop\Antrag auf Zulassung zu einer Masterleistung.pdf
2015-12-03 14:01 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 14:01 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 14:01 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 14:01 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 14:01 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 14:01 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 14:01 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 14:01 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 14:01 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 14:01 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 14:01 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 14:01 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 14:01 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 14:01 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 14:01 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 14:01 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 14:01 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 14:01 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 14:01 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 14:01 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 14:01 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 14:01 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 14:01 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 14:01 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 14:01 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 14:01 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 14:01 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 14:01 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 14:01 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 14:01 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 14:01 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 14:01 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 14:01 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 14:01 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 14:01 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 14:01 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 14:01 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 14:00 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 14:00 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 14:00 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 14:00 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 14:00 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 14:00 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 14:00 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 14:00 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-03 14:00 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-03 14:00 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 14:00 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 14:00 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 14:00 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-03 14:00 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-03 14:00 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-03 14:00 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 14:00 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 14:00 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-03 14:00 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 14:00 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-03 14:00 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 14:00 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-03 14:00 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-03 14:00 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-03 13:12 - 2015-12-30 14:48 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-03 13:08 - 2015-12-03 13:08 - 00000000 ____D C:\Windows.old
2015-12-03 13:07 - 2015-12-03 13:07 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-03 13:07 - 2015-12-03 13:07 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-03 13:07 - 2015-12-03 13:07 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-03 13:04 - 2015-12-31 19:31 - 00775644 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-03 13:04 - 2015-12-31 19:31 - 00155748 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-03 13:04 - 2015-12-03 13:03 - 00305634 _____ C:\WINDOWS\system32\perfi007.dat
2015-12-03 13:04 - 2015-12-03 13:03 - 00040390 _____ C:\WINDOWS\system32\perfd007.dat
2015-12-03 13:04 - 2015-10-30 04:43 - 12039680 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll
2015-12-03 13:04 - 2015-10-30 04:43 - 11602944 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll
2015-12-03 13:04 - 2015-10-30 04:41 - 12039680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll
2015-12-03 13:04 - 2015-10-30 04:28 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll
2015-12-03 13:04 - 2015-10-30 04:26 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\system32\de
2015-12-03 12:54 - 2015-12-03 12:54 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files\MSBuild
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-03 12:50 - 2015-10-24 02:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-03 12:50 - 2015-10-24 02:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-03 12:50 - 2015-10-24 02:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-03 12:36 - 2015-12-03 12:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2015-12-03 11:03 - 2015-12-03 11:03 - 00313120 _____ C:\Users\Imre\Desktop\Masterarbeit.pdf
2015-12-03 04:55 - 2015-12-03 04:55 - 00000000 ____D C:\Users\Imre\AppData\Local\ActiveSync
2015-12-03 04:52 - 2015-12-03 04:52 - 00000020 ___SH C:\Users\Imre\ntuser.ini
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-03 04:44 - 2015-12-31 19:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-03 04:39 - 2015-12-03 04:39 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-12-03 04:33 - 2015-12-30 20:47 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-03 04:33 - 2015-12-03 04:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-03 04:33 - 2015-12-03 04:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-03 04:29 - 2015-12-03 04:34 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-03 04:26 - 2015-12-31 18:11 - 00000000 ____D C:\Users\Imre
2015-12-03 04:26 - 2015-12-31 00:58 - 00000000 ____D C:\Users\UpdatusUser
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\My Documents
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Videos
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Pictures
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Music
2015-12-03 04:22 - 2015-12-03 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-03 04:22 - 2015-07-23 02:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-03 04:22 - 2015-07-23 02:10 - 00579912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-03 04:22 - 2015-07-22 05:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-03 04:21 - 2015-12-31 19:04 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-03 04:21 - 2015-12-03 04:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-03 04:21 - 2015-12-03 04:21 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-12-03 04:21 - 2015-12-03 04:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-12-03 04:21 - 2015-12-03 04:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-03 04:21 - 2015-07-17 22:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-03 04:20 - 2015-12-03 04:29 - 00000000 ____D C:\Program Files\Intel
2015-12-03 04:20 - 2015-12-03 04:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-03 04:20 - 2015-12-03 04:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-12-03 04:19 - 2015-12-03 04:19 - 00000000 ____D C:\Program Files\Synaptics
2015-12-03 04:18 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-03 04:14 - 2015-12-30 14:51 - 04957184 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 14:30 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-01 14:29 - 2015-08-16 00:33 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-01 14:20 - 2015-07-24 09:32 - 00000000 ____D C:\Users\Imre\AppData\Local\ClassicShell
2016-01-01 14:11 - 2015-10-06 21:28 - 00000000 ____D C:\Users\Imre\Desktop\Tusculum
2016-01-01 13:21 - 2015-07-24 01:29 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F7F6C12-9793-4221-8796-83E53881D2F5}
2015-12-31 21:25 - 2015-08-07 20:25 - 00000390 _____ C:\WINDOWS\Tasks\DataFront.job
2015-12-31 19:31 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-31 19:31 - 2015-08-16 21:52 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-31 19:04 - 2015-07-24 01:12 - 00000000 __SHD C:\Users\Imre\IntelGraphicsProfiles
2015-12-31 19:03 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-31 18:54 - 2015-08-09 14:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-31 18:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-31 18:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-30 21:43 - 2015-11-15 23:21 - 00000000 ____D C:\Users\Imre\Desktop\Takimo.-.21.-.Xyphon
2015-12-30 21:20 - 2015-07-23 15:15 - 00000000 ___RD C:\Users\Imre\Desktop\Fachliteratur
2015-12-30 20:55 - 2015-07-24 16:21 - 00000000 ____D C:\Users\Imre\AppData\Roaming\vlc
2015-12-30 20:47 - 2015-11-23 21:25 - 00001186 _____ C:\Users\Public\Desktop\Neuro-Programmer 3.lnk
2015-12-30 20:47 - 2015-11-15 16:04 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-12-30 20:47 - 2015-11-15 16:03 - 00001264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-12-30 20:47 - 2015-11-15 16:02 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-12-30 20:47 - 2015-11-15 16:01 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:59 - 00001580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:59 - 00001410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:56 - 00001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-12-30 20:47 - 2015-11-10 16:05 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2015-12-30 20:47 - 2015-09-17 10:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-12-30 20:47 - 2015-09-17 10:54 - 00002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-12-30 20:47 - 2015-07-24 09:32 - 00002248 _____ C:\Users\Imre\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-12-30 20:45 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-30 18:41 - 2015-08-09 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-30 18:41 - 2015-08-09 14:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-30 14:49 - 2015-11-27 17:24 - 00000000 ____D C:\Users\Imre\AppData\Roaming\BitTorrent
2015-12-30 14:46 - 2015-08-16 00:10 - 00000000 ____D C:\Users\Imre\.mediathek3
2015-12-30 14:38 - 2015-07-24 01:02 - 00000000 ____D C:\Users\Imre\AppData\Local\Packages
2015-12-30 14:37 - 2015-07-24 15:37 - 00001034 _____ C:\Users\UpdatusUser\Desktop\Digitale Bibliothek 5.lnk
2015-12-30 14:29 - 2015-07-24 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-30 14:01 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-29 14:13 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-27 22:10 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-27 22:10 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-23 16:03 - 2015-07-23 12:39 - 00000000 ___RD C:\Users\Imre\Desktop\Dokumente
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-21 23:15 - 2015-11-15 00:09 - 00000000 ____D C:\Users\Imre\Desktop\Husserls Einstellungsbegriff
2015-12-21 16:25 - 2015-07-23 15:04 - 00000000 ___RD C:\Users\Imre\Desktop\Uni Köln
2015-12-15 23:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-15 22:54 - 2015-09-12 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-15 08:23 - 2015-08-16 22:13 - 00000000 ___RD C:\Users\Imre\3D Objects
2015-12-14 08:28 - 2015-08-16 22:02 - 00000000 ___RD C:\Users\Imre\OneDrive
2015-12-12 13:38 - 2015-07-23 15:46 - 00000000 ___RD C:\Users\Imre\Desktop\De Gruyter Studienbuch
2015-12-12 13:13 - 2015-10-30 10:03 - 00000000 ____D C:\WINDOWS\OCR
2015-12-12 01:04 - 2015-11-27 19:20 - 00000000 ____D C:\Users\Imre\Desktop\epub
2015-12-11 22:32 - 2015-10-07 21:36 - 00000000 ____D C:\Users\Imre\Desktop\Zeitschrift für philosophische Forschung
2015-12-11 14:37 - 2015-11-30 17:36 - 00000000 ____D C:\Users\Imre\Desktop\Phänomenologische Forschungen
2015-12-11 00:35 - 2015-07-24 16:54 - 00000000 ____D C:\Users\Imre\.Zettelkasten
2015-12-10 23:05 - 2015-10-16 23:35 - 00000000 ____D C:\Users\Imre\Desktop\Klassiker auslegen
2015-12-09 20:29 - 2015-08-16 00:33 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-09 04:39 - 2015-07-24 01:44 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 21:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-08 20:20 - 2015-07-24 14:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-08 20:20 - 2015-07-24 01:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 20:19 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-12-08 20:15 - 2015-07-24 01:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 20:14 - 2015-07-24 01:23 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 19:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-04 15:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-04 08:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-03 13:59 - 2015-08-16 00:11 - 00000000 ____D C:\Users\Imre\MediathekView
2015-12-03 13:30 - 2015-08-16 22:02 - 00000000 ____D C:\Users\Imre\AppData\Local\Comms
2015-12-03 13:12 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-03 13:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-03 13:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-03 13:03 - 2015-10-30 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Com
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-12-03 13:03 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\servicing
2015-12-03 05:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-03 04:53 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-03 04:53 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-03 04:51 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-03 04:50 - 2015-08-16 20:43 - 00026673 _____ C:\WINDOWS\diagwrn.xml
2015-12-03 04:50 - 2015-08-16 20:43 - 00026673 _____ C:\WINDOWS\diagerr.xml
2015-12-03 04:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-03 04:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-03 04:45 - 2015-09-13 18:08 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-03 04:45 - 2015-08-16 21:59 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-03 04:45 - 2015-08-07 20:25 - 00003026 _____ C:\WINDOWS\System32\Tasks\DataFront
2015-12-03 04:45 - 2015-07-24 01:09 - 00002934 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-253609680-664229831-636946120-1001
2015-12-03 04:41 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-03 04:39 - 2015-07-24 16:18 - 01827030 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-03 04:34 - 2015-11-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-12-03 04:34 - 2015-11-23 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuro-Programmer 3
2015-12-03 04:34 - 2015-10-30 10:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-03 04:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-03 04:34 - 2015-09-13 17:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-03 04:34 - 2015-08-16 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-12-03 04:34 - 2015-07-24 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-03 04:34 - 2015-07-24 16:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-03 04:34 - 2015-07-24 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-03 04:34 - 2015-07-24 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digitale Bibliothek 5
2015-12-03 04:34 - 2015-07-24 15:08 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-12-03 04:34 - 2015-07-24 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-12-03 04:33 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-03 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-03 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-03 04:31 - 2015-07-24 16:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-12-03 04:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-03 04:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-03 04:30 - 2015-07-24 11:13 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-12-03 04:29 - 2015-11-10 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-03 04:29 - 2015-09-14 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2015-12-03 04:29 - 2015-09-09 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-12-03 04:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-03 04:25 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-03 04:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-03 04:14 - 2015-10-30 10:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-03 03:34 - 2015-07-24 10:52 - 00008192 __RSH C:\BOOTSECT.BAK
2015-12-03 03:30 - 2015-10-30 10:42 - 00000000 ___HD C:\$WINDOWS.~BT

==================== Files in the root of some directories =======

2015-07-24 15:08 - 2015-07-24 15:08 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Imre\AppData\Local\Temp\DDLHZGAE.exe
C:\Users\Imre\AppData\Local\Temp\sqlite3.dll
C:\Users\Imre\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-31 18:52

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---


[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Imre (2016-01-01 14:32:08)
Running from C:\Users\Imre\Desktop
Windows 10 Pro (X64) (2015-12-03 03:52:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-253609680-664229831-636946120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-253609680-664229831-636946120-503 - Limited - Disabled)
Guest (S-1-5-21-253609680-664229831-636946120-501 - Limited - Disabled)
Imre (S-1-5-21-253609680-664229831-636946120-1001 - Administrator - Enabled) => C:\Users\Imre
UpdatusUser (S-1-5-21-253609680-664229831-636946120-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
BitTorrent (HKU\S-1-5-21-253609680-664229831-636946120-1001\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
calibre 64bit (HKLM\...\{54EFBCD2-A4FB-4C37-A720-9A8195EFC7B4}) (Version: 2.45.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Digitale Bibliothek 5 (HKLM-x32\...\Digitale Bibliothek 5) (Version:  - )
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10245 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Nero 11 v11.2.4.100 (x64) (HKLM\...\Nero 11 v11.2.4.100 (x64)11.2.4.100) (Version: 11.2.4.100 - Friends in War)
Neuro-Programmer 3.3.1 (HKLM-x32\...\Neuro-Programmer 3_is1) (Version:  - Transparent Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-253609680-664229831-636946120-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Imre\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DEA9D6-20C6-4A26-9F0A-999DBC169F51} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {0823CBBB-67BB-4826-9EAD-6075A009B4E9} - System32\Tasks\DataFront => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== ATTENTION
Task: {08587A3B-B281-462F-8FBF-CC0BDF89BEDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1064874A-9833-4123-B88A-35523B9C1165} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {148DDEA2-8EDA-4C25-8538-8A054424C3C2} - System32\Tasks\Sunrise => C:\WINDOWS\TEMP\CUpdater\s37o..exe
Task: {1B3341E4-54FE-47F6-AFC1-6C219695C6ED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1D06BC2C-9B6F-425C-A0F5-E3159C4647DD} - System32\Tasks\Video Call2 => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\bdyp.dll",#1 <==== ATTENTION
Task: {2EC557EF-EC10-47AC-BB23-4D6BAA8FD147} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34629B12-29E5-486E-85B4-A7A4343F4201} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5764B183-AA5D-4C32-B20A-B7FA940E6750} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {62141068-451E-450C-BD86-EB2954B73E1F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7056FB29-CF72-47EE-A11E-1B676D9F503E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7C631AD8-A9B4-4AF8-9B89-3796E25FC422} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84D4F724-F90D-44B9-A286-078AFA2739D4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {944EC87C-BFB0-4159-935C-0D7CD9320BD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {97C703A7-4DBC-4E7F-AD7E-D2E1DE934C14} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {999DB9B9-7B0F-44D6-BB79-5A5C4C93E0DE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9BF957EE-E5FF-4C8A-9F17-B4172B6B7270} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9C0C1A11-F24A-4B95-8B34-AF4F2CA4048B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A18E9C7F-12E0-4EEF-8F9E-FB4546D865F5} - \crash_service -> No File <==== ATTENTION
Task: {A3880DBE-2741-4C96-A495-D0E52E503E5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {A6E5BA1A-A413-4E60-AAA5-66E0E654DD6B} - System32\Tasks\Video Call => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\VideoCall.dll",#1 <==== ATTENTION
Task: {B1013309-EC6F-41C3-8E37-AB1F7BF47178} - \IBUpd2 -> No File <==== ATTENTION
Task: {D48CC34D-B817-4736-9220-8BA549AF25B7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DF12B579-D720-47EB-BB52-338774B3BA7E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {E7CDD728-A539-4DD9-9207-7E514326E840} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F1D4B828-0A02-4D6F-B391-8A75D263D78B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DataFront.job => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-12-18 16:23 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 16:23 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 16:24 - 2015-12-07 04:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 16:24 - 2015-12-07 04:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 16:24 - 2015-12-07 04:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 16:24 - 2015-12-07 04:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-08 20:25 - 2015-12-08 20:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-12-10 15:51 - 2015-12-10 15:52 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 15:51 - 2015-12-10 15:52 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 13:28 - 2015-11-20 13:28 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-03-17 00:34 - 2015-03-17 00:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\de_de\acrotray.deu

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289c87f-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289c880-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289ca6b-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289ca6c-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\ProgramData\TEMP:157E1AD3

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-253609680-664229831-636946120-1001\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-12-30 14:23 - 00001886 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm-prd-da1.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate-da1.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 uds.licenses.adobe.com
127.0.0.1 licenses.adobe.com
127.0.0.1 license.adobe.com
127.0.0.1 helpexamples.com
127.0.0.1 activate-sea.adobe.com  
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.adobe.com  
127.0.0.1 activate.wip3.adobe.com  
127.0.0.1 wip3.adobe.com  
127.0.0.1 ereg.wip3.adobe.com  
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 bild.de
127.0.0.1 www.bild.de
127.0.0.1 www.express.de
127.0.0.1 express.de
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com

There are 1 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-253609680-664229831-636946120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imre\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows 8.png
HKU\S-1-5-21-253609680-664229831-636946120-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 134.95.127.1 - 134.95.9.74
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8D4E7D3F-05DD-4E72-82E2-9AB888D95DF7}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E8E684B2-3F54-4BFF-B7E3-5F68FB3A23DB}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FEFBD5C7-9158-49BA-B5C6-B96A547E668C}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{09F494C0-0C80-4C54-91F3-CB9EC1038AF1}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5E13F8A6-6651-4244-B49D-D60B74281DFA}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E3203284-7FC1-4CA1-9A45-1D10CD6DD051}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{5162E3C3-82F3-4C28-AD34-8A650ADC1FDE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{14DEBD76-4677-42CC-A290-EE342B7440F1}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{C8719EC4-11FA-470D-9048-CA0F956A5CAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36F7EDBC-9FD3-4FE7-B257-2502042DC8DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D77488F8-6FF2-4856-9DE6-774A3A38812C}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{F873506A-477B-4025-AAD5-061AE3A27D46}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{C5E16228-5EFC-4313-AC67-212D9A363BD6}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{A74A5CA6-053B-47DD-9186-94605A9F25A1}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{FA470FA1-30BB-4B01-8545-99847B8AE539}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0B97454-4D39-46F3-8917-71C7F33144BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D1F0B3E2-E728-4A09-81A8-FE3ABC5E3D8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29EB162D-CA76-496A-91DC-1D3A49BC0746}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{110267F7-B12F-4D70-9FDA-F317C8CC7406}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{61B2B2A9-B4B1-4018-B3AB-4B48FF694695}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6BBE8B66-8029-4ED3-B96E-52F1FC9B78B3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E35EB8AB-5ACD-41EB-BE8F-61919F4EDF48}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8FCE982D-4992-4C49-AE13-75F68F256EEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{17314852-0735-4947-BA6A-E2785055737B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

==================== Restore Points =========================

21-12-2015 15:35:05 Windows Update
30-12-2015 14:00:37 Windows Update
31-12-2015 18:26:23 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2015 06:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0x1f3c
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3
Vollständiger Name des fehlerhaften Pakets: RootkitRevealer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RootkitRevealer.exe5

Error: (12/31/2015 06:56:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DiskView64.exe, Version: 2.40.0.0, Zeitstempel: 0x4baa7c46
Name des fehlerhaften Moduls: DiskView64.exe, Version: 2.40.0.0, Zeitstempel: 0x4baa7c46
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000001507
ID des fehlerhaften Prozesses: 0x1c60
Startzeit der fehlerhaften Anwendung: 0xDiskView64.exe0
Pfad der fehlerhaften Anwendung: DiskView64.exe1
Pfad des fehlerhaften Moduls: DiskView64.exe2
Berichtskennung: DiskView64.exe3
Vollständiger Name des fehlerhaften Pakets: DiskView64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DiskView64.exe5

Error: (12/31/2015 06:26:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/31/2015 06:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkypeHost.exe, Version: 10.1.0.2123, Zeitstempel: 0x566f6bfe
Name des fehlerhaften Moduls: SkyWrap.dll, Version: 10.1.0.2123, Zeitstempel: 0x566f6bdd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002081c8
ID des fehlerhaften Prozesses: 0x1094
Startzeit der fehlerhaften Anwendung: 0xSkypeHost.exe0
Pfad der fehlerhaften Anwendung: SkypeHost.exe1
Pfad des fehlerhaften Moduls: SkypeHost.exe2
Berichtskennung: SkypeHost.exe3
Vollständiger Name des fehlerhaften Pakets: SkypeHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkypeHost.exe5

Error: (12/30/2015 09:16:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.10586.20 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1564

Startzeit: 01d1433ca62e8922

Beendigungszeit: 19

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID: 32cebfeb-af32-11e5-8294-20256487a424

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (12/30/2015 08:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.2.1.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: libqt4_plugin.dll, Version: 2.2.1.0, Zeitstempel: 0xa2d0a2c0
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000076310b
ID des fehlerhaften Prozesses: 0x1bd4
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (12/30/2015 02:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.9.10586.0, Zeitstempel: 0x5632d908
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.10586.0, Zeitstempel: 0x5632d79e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005d5b8
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xMsMpEng.exe0
Pfad der fehlerhaften Anwendung: MsMpEng.exe1
Pfad des fehlerhaften Moduls: MsMpEng.exe2
Berichtskennung: MsMpEng.exe3
Vollständiger Name des fehlerhaften Pakets: MsMpEng.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsMpEng.exe5

Error: (12/30/2015 02:25:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: edgehtml.dll, Version: 11.0.10586.20, Zeitstempel: 0x56541351
Ausnahmecode: 0x8000ffff
Fehleroffset: 0x000000000049b7aa
ID des fehlerhaften Prozesses: 0xd90
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (12/30/2015 02:00:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/29/2015 02:46:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


System errors:
=============
Error: (12/31/2015 08:42:51 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-G710)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}Lenovo-G710ImreS-1-5-21-253609680-664229831-636946120-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (12/31/2015 07:03:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_25dad" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (12/31/2015 07:03:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_25dad" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (12/31/2015 07:03:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_25dad" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (12/31/2015 07:03:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_25dad" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (12/31/2015 07:03:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/31/2015 06:42:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_27459" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (12/31/2015 06:42:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_27459" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (12/31/2015 06:42:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_27459" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (12/31/2015 06:42:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_27459" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-01-01 13:29:43.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-01 13:29:43.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:53:20.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:53:20.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:34:16.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:34:16.540
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 20:49:44.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-30 15:10:27.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 15:10:27.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 14:40:28.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8116.36 MB
Available physical RAM: 5143.68 MB
Total Virtual: 9396.36 MB
Available Virtual: 6378.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.32 GB) (Free:267.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:465.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---
__________________

Alt 01.01.2016, 14:46   #4
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Code:
ATTFilter
14:33:52.0552 0x1c54  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
14:34:07.0483 0x1c54  ============================================================
14:34:07.0483 0x1c54  Current date / time: 2016/01/01 14:34:07.0483
14:34:07.0483 0x1c54  SystemInfo:
14:34:07.0483 0x1c54  
14:34:07.0483 0x1c54  OS Version: 10.0.10586 ServicePack: 0.0
14:34:07.0483 0x1c54  Product type: Workstation
14:34:07.0483 0x1c54  ComputerName: LENOVO-G710
14:34:07.0483 0x1c54  UserName: Imre
14:34:07.0483 0x1c54  Windows directory: C:\WINDOWS
14:34:07.0483 0x1c54  System windows directory: C:\WINDOWS
14:34:07.0483 0x1c54  Running under WOW64
14:34:07.0483 0x1c54  Processor architecture: Intel x64
14:34:07.0483 0x1c54  Number of processors: 4
14:34:07.0483 0x1c54  Page size: 0x1000
14:34:07.0483 0x1c54  Boot type: Normal boot
14:34:07.0483 0x1c54  ============================================================
14:34:07.0628 0x1c54  KLMD registered as C:\WINDOWS\system32\drivers\80937857.sys
14:34:08.0471 0x1c54  System UUID: {E307C639-E7F6-7307-DE1A-EDD8358E3558}
14:34:09.0135 0x1c54  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:34:09.0135 0x1c54  ============================================================
14:34:09.0135 0x1c54  \Device\Harddisk0\DR0:
14:34:09.0135 0x1c54  MBR partitions:
14:34:09.0135 0x1c54  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A2A2000
14:34:09.0135 0x1c54  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A383800, BlocksNum 0x3A3835B0
14:34:09.0135 0x1c54  ============================================================
14:34:09.0135 0x1c54  C: <-> \Device\Harddisk0\DR0\Partition1
14:34:09.0173 0x1c54  D: <-> \Device\Harddisk0\DR0\Partition2
14:34:09.0173 0x1c54  ============================================================
14:34:09.0173 0x1c54  Initialize success
14:34:09.0173 0x1c54  ============================================================
14:34:52.0530 0x0b40  ============================================================
14:34:52.0530 0x0b40  Scan started
14:34:52.0530 0x0b40  Mode: Manual; SigCheck; TDLFS; 
14:34:52.0530 0x0b40  ============================================================
14:34:52.0530 0x0b40  KSN ping started
14:34:54.0897 0x0b40  KSN ping finished: true
14:34:56.0371 0x0b40  ================ Scan system memory ========================
14:34:56.0371 0x0b40  System memory - ok
14:34:56.0387 0x0b40  ================ Scan services =============================
14:34:56.0540 0x0b40  1394ohci - ok
14:34:56.0540 0x0b40  3ware - ok
14:34:56.0555 0x0b40  ACPI - ok
14:34:56.0555 0x0b40  acpiex - ok
14:34:56.0571 0x0b40  acpipagr - ok
14:34:56.0587 0x0b40  AcpiPmi - ok
14:34:56.0587 0x0b40  acpitime - ok
14:34:56.0587 0x0b40  [ E13DE7CD2B62254DD4FF658B7798A37D, 9FCCC90DEF6BE83F8C41D4552D235A7BB5534954D2E7CB7B1C336A31FCCAB3AD ] ACPIVPC         C:\WINDOWS\System32\drivers\AcpiVpc.sys
14:34:56.0639 0x0b40  ACPIVPC - ok
14:34:56.0640 0x0b40  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\WINDOWS\system32\DRIVERS\acsock64.sys
14:34:56.0656 0x0b40  acsock - ok
14:34:56.0719 0x0b40  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:34:56.0719 0x0b40  AdobeARMservice - ok
14:34:56.0803 0x0b40  [ C3E7E1F3C85A6788F3BA078BA214341E, A3D72ACE045730DC1C8A6F4E3937C5C765AB447BF7C573BEC53DE8148EB4A1C8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:34:56.0819 0x0b40  AdobeFlashPlayerUpdateSvc - ok
14:34:56.0835 0x0b40  ADP80XX - ok
14:34:56.0840 0x0b40  AFD - ok
14:34:56.0840 0x0b40  agp440 - ok
14:34:56.0840 0x0b40  ahcache - ok
14:34:56.0840 0x0b40  AJRouter - ok
14:34:56.0840 0x0b40  ALG - ok
14:34:56.0856 0x0b40  AmdK8 - ok
14:34:56.0856 0x0b40  AmdPPM - ok
14:34:56.0856 0x0b40  amdsata - ok
14:34:56.0856 0x0b40  amdsbs - ok
14:34:56.0856 0x0b40  amdxata - ok
14:34:56.0872 0x0b40  [ 4126D30992B26303E47E8981313FD6D6, 4C8DB2DDDB88FBEA87CDBFB93D9855B40043778878AF4A5571C174434F9C0D4C ] AmUStor         C:\WINDOWS\system32\drivers\AmUStor.SYS
14:34:56.0872 0x0b40  AmUStor - ok
14:34:56.0888 0x0b40  AppID - ok
14:34:56.0888 0x0b40  AppIDSvc - ok
14:34:56.0888 0x0b40  Appinfo - ok
14:34:56.0888 0x0b40  AppMgmt - ok
14:34:56.0888 0x0b40  AppReadiness - ok
14:34:56.0903 0x0b40  AppXSvc - ok
14:34:56.0903 0x0b40  arcsas - ok
14:34:56.0903 0x0b40  AsyncMac - ok
14:34:56.0903 0x0b40  atapi - ok
14:34:56.0903 0x0b40  AudioEndpointBuilder - ok
14:34:56.0919 0x0b40  Audiosrv - ok
14:34:56.0919 0x0b40  AxInstSV - ok
14:34:56.0919 0x0b40  b06bdrv - ok
14:34:56.0919 0x0b40  BasicDisplay - ok
14:34:56.0919 0x0b40  BasicRender - ok
14:34:56.0941 0x0b40  [ 6FED40EC0DB11DF1B2AD08621FBDDED6, 06258C9C9B7C231A6900E1E237001A4E5513F74CEA7B4DFAB56490D455AB0549 ] bcbtums         C:\WINDOWS\system32\drivers\bcbtums.sys
14:34:56.0941 0x0b40  bcbtums - ok
14:34:56.0941 0x0b40  BCM43XX - ok
14:34:57.0003 0x0b40  [ 43907773F7563AF4DF0999D47522E802, 2563666842008E202B6A64435F06169A259D6DC56D16AF7359114C20A4FA4400 ] BcmBtRSupport   C:\WINDOWS\system32\BtwRSupportService.exe
14:34:57.0057 0x0b40  BcmBtRSupport - ok
14:34:57.0072 0x0b40  bcmfn - ok
14:34:57.0072 0x0b40  bcmfn2 - ok
14:34:57.0072 0x0b40  BDESVC - ok
14:34:57.0072 0x0b40  Beep - ok
14:34:57.0088 0x0b40  BFE - ok
14:34:57.0088 0x0b40  BITS - ok
14:34:57.0088 0x0b40  bowser - ok
14:34:57.0088 0x0b40  BrokerInfrastructure - ok
14:34:57.0088 0x0b40  Browser - ok
14:34:57.0104 0x0b40  BthAvrcpTg - ok
14:34:57.0104 0x0b40  BthEnum - ok
14:34:57.0104 0x0b40  BthHFEnum - ok
14:34:57.0104 0x0b40  bthhfhid - ok
14:34:57.0119 0x0b40  BthHFSrv - ok
14:34:57.0119 0x0b40  BthLEEnum - ok
14:34:57.0119 0x0b40  BTHMODEM - ok
14:34:57.0119 0x0b40  BthPan - ok
14:34:57.0135 0x0b40  BTHPORT - ok
14:34:57.0139 0x0b40  bthserv - ok
14:34:57.0141 0x0b40  BTHUSB - ok
14:34:57.0141 0x0b40  [ 8B8B304DF17084338326BC4ACC2716C5, 426D56742D0E3E8471EE28FC5E0158223826770DF5BED88D5863D265A070A45D ] btwampfl        C:\WINDOWS\system32\DRIVERS\btwampfl.sys
14:34:57.0157 0x0b40  btwampfl - ok
14:34:57.0157 0x0b40  buttonconverter - ok
14:34:57.0157 0x0b40  CapImg - ok
14:34:57.0157 0x0b40  cdfs - ok
14:34:57.0172 0x0b40  CDPSvc - ok
14:34:57.0172 0x0b40  cdrom - ok
14:34:57.0172 0x0b40  CertPropSvc - ok
14:34:57.0172 0x0b40  circlass - ok
14:34:57.0188 0x0b40  CLFS - ok
14:34:57.0188 0x0b40  ClipSVC - ok
14:34:57.0188 0x0b40  CmBatt - ok
14:34:57.0204 0x0b40  CNG - ok
14:34:57.0204 0x0b40  cnghwassist - ok
14:34:57.0256 0x0b40  CompositeBus - ok
14:34:57.0256 0x0b40  COMSysApp - ok
14:34:57.0256 0x0b40  condrv - ok
14:34:57.0256 0x0b40  CoreMessagingRegistrar - ok
14:34:57.0344 0x0b40  [ A6B9FD89353D6005DD74485F591F2A83, 1148FDAC0C4B01E9F7C925E22F0E13CA0ECA3DB8AE13F3303E99AB03D4E7B644 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
14:34:57.0376 0x0b40  cphs - ok
14:34:57.0376 0x0b40  CryptSvc - ok
14:34:57.0376 0x0b40  CSC - ok
14:34:57.0391 0x0b40  CscService - ok
14:34:57.0391 0x0b40  dam - ok
14:34:57.0391 0x0b40  DcomLaunch - ok
14:34:57.0391 0x0b40  DcpSvc - ok
14:34:57.0391 0x0b40  defragsvc - ok
14:34:57.0407 0x0b40  DeviceAssociationService - ok
14:34:57.0407 0x0b40  DeviceInstall - ok
14:34:57.0407 0x0b40  DevQueryBroker - ok
14:34:57.0407 0x0b40  Dfsc - ok
14:34:57.0422 0x0b40  Dhcp - ok
14:34:57.0422 0x0b40  diagnosticshub.standardcollector.service - ok
14:34:57.0422 0x0b40  DiagTrack - ok
14:34:57.0422 0x0b40  disk - ok
14:34:57.0439 0x0b40  DmEnrollmentSvc - ok
14:34:57.0442 0x0b40  dmvsc - ok
14:34:57.0445 0x0b40  dmwappushservice - ok
14:34:57.0445 0x0b40  Dnscache - ok
14:34:57.0445 0x0b40  dot3svc - ok
14:34:57.0445 0x0b40  DPS - ok
14:34:57.0460 0x0b40  drmkaud - ok
14:34:57.0460 0x0b40  DsmSvc - ok
14:34:57.0460 0x0b40  DsSvc - ok
14:34:57.0460 0x0b40  [ 496C3C6BC3D930D0960C9E75AA30F4A7, 3FE0E86DA8C2C6A990BB2F1B92C22BD3483882B8D69FF8025BB68A199362C234 ] dtlitescsibus   C:\WINDOWS\System32\drivers\dtlitescsibus.sys
14:34:57.0476 0x0b40  dtlitescsibus - ok
14:34:57.0476 0x0b40  DXGKrnl - ok
14:34:57.0476 0x0b40  Eaphost - ok
14:34:57.0476 0x0b40  ebdrv - ok
14:34:57.0492 0x0b40  EFS - ok
14:34:57.0492 0x0b40  EhStorClass - ok
14:34:57.0492 0x0b40  EhStorTcgDrv - ok
14:34:57.0492 0x0b40  embeddedmode - ok
14:34:57.0492 0x0b40  EntAppSvc - ok
14:34:57.0507 0x0b40  ErrDev - ok
14:34:57.0507 0x0b40  EventSystem - ok
14:34:57.0507 0x0b40  exfat - ok
14:34:57.0507 0x0b40  fastfat - ok
14:34:57.0523 0x0b40  Fax - ok
14:34:57.0523 0x0b40  fdc - ok
14:34:57.0523 0x0b40  fdPHost - ok
14:34:57.0523 0x0b40  FDResPub - ok
14:34:57.0540 0x0b40  fhsvc - ok
14:34:57.0543 0x0b40  FileCrypt - ok
14:34:57.0545 0x0b40  FileInfo - ok
14:34:57.0545 0x0b40  Filetrace - ok
14:34:57.0623 0x0b40  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:34:57.0661 0x0b40  FLEXnet Licensing Service - ok
14:34:57.0661 0x0b40  flpydisk - ok
14:34:57.0661 0x0b40  FltMgr - ok
14:34:57.0676 0x0b40  FontCache - ok
14:34:57.0708 0x0b40  FontCache3.0.0.0 - ok
14:34:57.0708 0x0b40  FsDepends - ok
14:34:57.0708 0x0b40  Fs_Rec - ok
14:34:57.0708 0x0b40  fvevol - ok
14:34:57.0723 0x0b40  gagp30kx - ok
14:34:57.0723 0x0b40  gencounter - ok
14:34:57.0723 0x0b40  genericusbfn - ok
14:34:57.0723 0x0b40  GPIOClx0101 - ok
14:34:57.0742 0x0b40  gpsvc - ok
14:34:57.0745 0x0b40  GpuEnergyDrv - ok
14:34:57.0745 0x0b40  HDAudBus - ok
14:34:57.0745 0x0b40  HidBatt - ok
14:34:57.0745 0x0b40  HidBth - ok
14:34:57.0745 0x0b40  hidi2c - ok
14:34:57.0761 0x0b40  hidinterrupt - ok
14:34:57.0761 0x0b40  HidIr - ok
14:34:57.0761 0x0b40  hidserv - ok
14:34:57.0761 0x0b40  HidUsb - ok
14:34:57.0761 0x0b40  HomeGroupListener - ok
14:34:57.0777 0x0b40  HomeGroupProvider - ok
14:34:57.0777 0x0b40  HpSAMD - ok
14:34:57.0777 0x0b40  HTTP - ok
14:34:57.0777 0x0b40  hwpolicy - ok
14:34:57.0777 0x0b40  hyperkbd - ok
14:34:57.0792 0x0b40  i8042prt - ok
14:34:57.0792 0x0b40  iai2c - ok
14:34:57.0792 0x0b40  iaLPSS2i_I2C - ok
14:34:57.0792 0x0b40  iaLPSSi_GPIO - ok
14:34:57.0792 0x0b40  iaLPSSi_I2C - ok
14:34:57.0824 0x0b40  [ E5A15FEDEBDFB8E12CB94DBF01833775, 9C751A1FD8A5CEC8DD9FE8AE46E86A514C67F07EED04AB23A26A36F400DF8EA4 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
14:34:57.0846 0x0b40  iaStorA - ok
14:34:57.0846 0x0b40  iaStorAV - ok
14:34:57.0877 0x0b40  [ 95BA9605AE793746D8F6AD18E5DA7EFE, 1CFB12E798E268D812EB20EBC85AC1DD1345F073389DEF79986BA45E7BDC701D ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:34:57.0893 0x0b40  IAStorDataMgrSvc - ok
14:34:57.0893 0x0b40  iaStorV - ok
14:34:57.0893 0x0b40  ibbus - ok
14:34:57.0908 0x0b40  icssvc - ok
14:34:57.0908 0x0b40  IEEtwCollectorService - ok
14:34:58.0077 0x0b40  [ 6FFC445E0D38C3C880125F2C201C9BC6, 488A427239B55394359751FCB8CBAEA8E2AE1CB2AE03C04590E7B8C80EF3F709 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
14:34:58.0247 0x0b40  igfx - ok
14:34:58.0262 0x0b40  [ AC4F72ABB5ED596A0F3D9D1EDDC4B27C, F48BFF192B523709DEF64578EA7217EED59E2C1D2627E7BD54E59DABC25B8C36 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
14:34:58.0278 0x0b40  igfxCUIService2.0.0.0 - ok
14:34:58.0278 0x0b40  IKEEXT - ok
14:34:58.0293 0x0b40  [ 42777B7BE4946135578E5C3BC1D2E4AD, CE4FF334238D0A98139676420E770A42DC0F5567F49D618B56CD55417F556D05 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
14:34:58.0309 0x0b40  IntcDAud - ok
14:34:58.0325 0x0b40  [ B1B3CED4AACC96080EE7E7516A558184, 3B76DDC32EDEF6FFC5722FB063576FBE154A958A73F9E3B377E541C9BB2F06D5 ] IntelHSWPcc     C:\WINDOWS\system32\drivers\IntelPcc.sys
14:34:58.0325 0x0b40  IntelHSWPcc - ok
14:34:58.0325 0x0b40  intelide - ok
14:34:58.0342 0x0b40  intelpep - ok
14:34:58.0345 0x0b40  intelppm - ok
14:34:58.0346 0x0b40  IoQos - ok
14:34:58.0346 0x0b40  IpFilterDriver - ok
14:34:58.0346 0x0b40  iphlpsvc - ok
14:34:58.0346 0x0b40  IPMIDRV - ok
14:34:58.0362 0x0b40  IPNAT - ok
14:34:58.0362 0x0b40  IRENUM - ok
14:34:58.0362 0x0b40  isapnp - ok
14:34:58.0362 0x0b40  iScsiPrt - ok
14:34:58.0362 0x0b40  [ F1D3A377ED9BA1CA449824C41CAF104C, EA0E90D5D827664CFDB644753C6DC134C3F8F852F24175EC8328A9FA925B25BF ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
14:34:58.0378 0x0b40  iwdbus - ok
14:34:58.0378 0x0b40  kbdclass - ok
14:34:58.0378 0x0b40  kbdhid - ok
14:34:58.0378 0x0b40  kdnic - ok
14:34:58.0393 0x0b40  KeyIso - ok
14:34:58.0393 0x0b40  KSecDD - ok
14:34:58.0393 0x0b40  KSecPkg - ok
14:34:58.0393 0x0b40  ksthunk - ok
14:34:58.0409 0x0b40  KtmRm - ok
14:34:58.0409 0x0b40  [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C             C:\WINDOWS\System32\drivers\L1C63x64.sys
14:34:58.0409 0x0b40  L1C - ok
14:34:58.0425 0x0b40  LanmanServer - ok
14:34:58.0425 0x0b40  LanmanWorkstation - ok
14:34:58.0425 0x0b40  lfsvc - ok
14:34:58.0425 0x0b40  LicenseManager - ok
14:34:58.0443 0x0b40  lltdio - ok
14:34:58.0447 0x0b40  lltdsvc - ok
14:34:58.0447 0x0b40  lmhosts - ok
14:34:58.0447 0x0b40  LSI_SAS - ok
14:34:58.0447 0x0b40  LSI_SAS2i - ok
14:34:58.0447 0x0b40  LSI_SAS3i - ok
14:34:58.0463 0x0b40  LSI_SSS - ok
14:34:58.0463 0x0b40  LSM - ok
14:34:58.0463 0x0b40  luafv - ok
14:34:58.0463 0x0b40  MapsBroker - ok
14:34:58.0547 0x0b40  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:34:58.0547 0x0b40  MBAMProtector - ok
14:34:58.0648 0x0b40  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
14:34:58.0679 0x0b40  MBAMService - ok
14:34:58.0695 0x0b40  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
14:34:58.0695 0x0b40  MBAMWebAccessControl - ok
14:34:58.0695 0x0b40  megasas - ok
14:34:58.0695 0x0b40  megasr - ok
14:34:58.0710 0x0b40  [ E7C9F74D8CAAB1FF7964C27C070FB16C, 76CCD9109E1031A336B7E275368520FFB60D500E24444B04066F205D1ED5BA2B ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
14:34:58.0726 0x0b40  MEIx64 - ok
14:34:58.0726 0x0b40  MessagingService - ok
14:34:58.0863 0x0b40  mlx4_bus - ok
14:34:58.0879 0x0b40  MMCSS - ok
14:34:58.0895 0x0b40  Modem - ok
14:34:58.0895 0x0b40  monitor - ok
14:34:58.0895 0x0b40  mouclass - ok
14:34:58.0895 0x0b40  mouhid - ok
14:34:58.0910 0x0b40  mountmgr - ok
14:34:58.0910 0x0b40  [ C34AB4280614658903BE848CE79ACDB5, 9A943D9B3CF941DAE4EA4E2771B5EC5DA37AB16AD43095EF092B4259D62FF810 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:34:58.0926 0x0b40  MozillaMaintenance - ok
14:34:58.0926 0x0b40  mpsdrv - ok
14:34:58.0942 0x0b40  MpsSvc - ok
14:34:58.0945 0x0b40  MRxDAV - ok
14:34:58.0948 0x0b40  mrxsmb - ok
14:34:58.0948 0x0b40  mrxsmb10 - ok
14:34:58.0948 0x0b40  mrxsmb20 - ok
14:34:58.0948 0x0b40  MsBridge - ok
14:34:58.0948 0x0b40  MSDTC - ok
14:34:58.0964 0x0b40  Msfs - ok
14:34:58.0964 0x0b40  msgpiowin32 - ok
14:34:58.0964 0x0b40  mshidkmdf - ok
14:34:58.0964 0x0b40  mshidumdf - ok
14:34:58.0979 0x0b40  msisadrv - ok
14:34:58.0979 0x0b40  MSiSCSI - ok
14:34:58.0979 0x0b40  msiserver - ok
14:34:58.0979 0x0b40  MSKSSRV - ok
14:34:58.0995 0x0b40  MsLldp - ok
14:34:58.0995 0x0b40  MSPCLOCK - ok
14:34:58.0995 0x0b40  MSPQM - ok
14:34:58.0995 0x0b40  MsRPC - ok
14:34:58.0995 0x0b40  mssmbios - ok
14:34:59.0011 0x0b40  MSTEE - ok
14:34:59.0011 0x0b40  MTConfig - ok
14:34:59.0026 0x0b40  Mup - ok
14:34:59.0026 0x0b40  mvumis - ok
14:34:59.0046 0x0b40  NativeWifiP - ok
14:34:59.0048 0x0b40  NcaSvc - ok
14:34:59.0048 0x0b40  NcbService - ok
14:34:59.0048 0x0b40  NcdAutoSetup - ok
14:34:59.0048 0x0b40  ndfltr - ok
14:34:59.0048 0x0b40  NDIS - ok
14:34:59.0063 0x0b40  NdisCap - ok
14:34:59.0063 0x0b40  NdisImPlatform - ok
14:34:59.0063 0x0b40  NdisTapi - ok
14:34:59.0063 0x0b40  Ndisuio - ok
14:34:59.0079 0x0b40  NdisVirtualBus - ok
14:34:59.0079 0x0b40  NdisWan - ok
14:34:59.0079 0x0b40  ndiswanlegacy - ok
14:34:59.0079 0x0b40  ndproxy - ok
14:34:59.0095 0x0b40  Ndu - ok
14:34:59.0095 0x0b40  NetBIOS - ok
14:34:59.0095 0x0b40  NetBT - ok
14:34:59.0095 0x0b40  Netlogon - ok
14:34:59.0110 0x0b40  Netman - ok
14:34:59.0110 0x0b40  netprofm - ok
14:34:59.0110 0x0b40  NetSetupSvc - ok
14:34:59.0148 0x0b40  NetTcpPortSharing - ok
14:34:59.0148 0x0b40  NgcCtnrSvc - ok
14:34:59.0148 0x0b40  NgcSvc - ok
14:34:59.0179 0x0b40  NlaSvc - ok
14:34:59.0179 0x0b40  Npfs - ok
14:34:59.0179 0x0b40  npsvctrig - ok
14:34:59.0179 0x0b40  nsi - ok
14:34:59.0195 0x0b40  nsiproxy - ok
14:34:59.0195 0x0b40  NTFS - ok
14:34:59.0195 0x0b40  Null - ok
14:34:59.0496 0x0b40  [ DF0BB2C179476D312B7BC0056CEC50A6, 64CC3201FA903E0EC9C99BE167C439C14A4C9AC2A88898B64789EEB381DB97B6 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
14:34:59.0728 0x0b40  nvlddmkm - ok
14:34:59.0750 0x0b40  nvraid - ok
14:34:59.0750 0x0b40  nvstor - ok
14:34:59.0781 0x0b40  [ DFCCA437717EACA8418F47992A41B39A, E587A629B894EE6A16AC414747D492FFC6B6E9F051B40F7D25F0D4406E2FF919 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
14:34:59.0797 0x0b40  nvsvc - ok
14:34:59.0847 0x0b40  [ 845AF450F71A11B7358C6EFE9A76A894, 8042DF2402D00E210536552AC8202F6112F75C2F1506B0BED8DD3F04AF7BEF3F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:34:59.0866 0x0b40  nvUpdatusService - ok
14:34:59.0882 0x0b40  nv_agp - ok
14:34:59.0882 0x0b40  OneSyncSvc - ok
14:34:59.0929 0x0b40  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:34:59.0929 0x0b40  ose64 - ok
14:34:59.0951 0x0b40  p2pimsvc - ok
14:34:59.0951 0x0b40  p2psvc - ok
14:34:59.0951 0x0b40  Parport - ok
14:34:59.0951 0x0b40  partmgr - ok
14:34:59.0966 0x0b40  PcaSvc - ok
14:34:59.0966 0x0b40  pci - ok
14:34:59.0966 0x0b40  pciide - ok
14:34:59.0966 0x0b40  pcmcia - ok
14:34:59.0982 0x0b40  pcw - ok
14:34:59.0982 0x0b40  pdc - ok
14:34:59.0982 0x0b40  PEAUTH - ok
14:34:59.0998 0x0b40  PeerDistSvc - ok
14:34:59.0998 0x0b40  percsas2i - ok
14:34:59.0998 0x0b40  percsas3i - ok
14:35:00.0066 0x0b40  PerfHost - ok
14:35:00.0066 0x0b40  PhoneSvc - ok
14:35:00.0082 0x0b40  PimIndexMaintenanceSvc - ok
14:35:00.0150 0x0b40  pla - ok
14:35:00.0150 0x0b40  PlugPlay - ok
14:35:00.0166 0x0b40  PNRPAutoReg - ok
14:35:00.0182 0x0b40  PNRPsvc - ok
14:35:00.0182 0x0b40  PolicyAgent - ok
14:35:00.0182 0x0b40  Power - ok
14:35:00.0197 0x0b40  PptpMiniport - ok
14:35:00.0329 0x0b40  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:35:00.0451 0x0b40  PrintNotify - ok
14:35:00.0451 0x0b40  Processor - ok
14:35:00.0467 0x0b40  ProfSvc - ok
14:35:00.0467 0x0b40  Psched - ok
14:35:00.0467 0x0b40  QWAVE - ok
14:35:00.0467 0x0b40  QWAVEdrv - ok
14:35:00.0482 0x0b40  RasAcd - ok
14:35:00.0482 0x0b40  RasAgileVpn - ok
14:35:00.0482 0x0b40  RasAuto - ok
14:35:00.0482 0x0b40  Rasl2tp - ok
14:35:00.0498 0x0b40  RasMan - ok
14:35:00.0498 0x0b40  RasPppoe - ok
14:35:00.0498 0x0b40  RasSstp - ok
14:35:00.0498 0x0b40  rdbss - ok
14:35:00.0498 0x0b40  rdpbus - ok
14:35:00.0514 0x0b40  RDPDR - ok
14:35:00.0514 0x0b40  RdpVideoMiniport - ok
14:35:00.0514 0x0b40  rdyboost - ok
14:35:00.0529 0x0b40  ReFSv1 - ok
14:35:00.0529 0x0b40  RemoteAccess - ok
14:35:00.0529 0x0b40  RemoteRegistry - ok
14:35:00.0529 0x0b40  RetailDemo - ok
14:35:00.0529 0x0b40  RFCOMM - ok
14:35:00.0548 0x0b40  RpcEptMapper - ok
14:35:00.0550 0x0b40  RpcLocator - ok
14:35:00.0551 0x0b40  RpcSs - ok
14:35:00.0551 0x0b40  rspndr - ok
14:35:00.0815 0x0b40  [ 5D298E56746D170E95C763F1BB65687B, 35BB342748246488595D47FC85BB90C6EC4BB3C9D89758541E7D0D87ED5217DD ] rtsuvc          C:\WINDOWS\system32\DRIVERS\rtsuvc.sys
14:35:01.0000 0x0b40  rtsuvc - ok
14:35:01.0015 0x0b40  s3cap - ok
14:35:01.0031 0x0b40  SamSs - ok
14:35:01.0053 0x0b40  sbp2port - ok
14:35:01.0053 0x0b40  SCardSvr - ok
14:35:01.0053 0x0b40  ScDeviceEnum - ok
14:35:01.0069 0x0b40  scfilter - ok
14:35:01.0069 0x0b40  Schedule - ok
14:35:01.0069 0x0b40  SCPolicySvc - ok
14:35:01.0069 0x0b40  sdbus - ok
14:35:01.0069 0x0b40  SDRSVC - ok
14:35:01.0084 0x0b40  sdstor - ok
14:35:01.0084 0x0b40  seclogon - ok
14:35:01.0084 0x0b40  SENS - ok
14:35:01.0084 0x0b40  SensorDataService - ok
14:35:01.0100 0x0b40  SensorService - ok
14:35:01.0100 0x0b40  SensrSvc - ok
14:35:01.0100 0x0b40  SerCx - ok
14:35:01.0100 0x0b40  SerCx2 - ok
14:35:01.0100 0x0b40  Serenum - ok
14:35:01.0116 0x0b40  Serial - ok
14:35:01.0116 0x0b40  sermouse - ok
14:35:01.0116 0x0b40  SessionEnv - ok
14:35:01.0131 0x0b40  sfloppy - ok
14:35:01.0131 0x0b40  SharedAccess - ok
14:35:01.0131 0x0b40  ShellHWDetection - ok
14:35:01.0131 0x0b40  SiSRaid2 - ok
14:35:01.0147 0x0b40  SiSRaid4 - ok
14:35:01.0153 0x0b40  [ 8A6571231D93C08434A56E19E33A35CB, 78A12B58D129D5B2017C9A94734656B9F1ED41345DF1D01F82702D4D95C1BE3F ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
14:35:01.0153 0x0b40  SmbDrvI - ok
14:35:01.0153 0x0b40  smphost - ok
14:35:01.0153 0x0b40  SmsRouter - ok
14:35:01.0169 0x0b40  SNMPTRAP - ok
14:35:01.0169 0x0b40  spaceport - ok
14:35:01.0169 0x0b40  SpbCx - ok
14:35:01.0184 0x0b40  Spooler - ok
14:35:01.0184 0x0b40  sppsvc - ok
14:35:01.0184 0x0b40  srv - ok
14:35:01.0184 0x0b40  srv2 - ok
14:35:01.0184 0x0b40  srvnet - ok
14:35:01.0200 0x0b40  SSDPSRV - ok
14:35:01.0200 0x0b40  SstpSvc - ok
14:35:01.0216 0x0b40  [ 9F32B689FFC8F454D6086FC125001F84, C000811E9032F2607ECE62632921E71B92A4FF832856D59E74D95089699D8447 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
14:35:01.0216 0x0b40  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
14:35:02.0337 0x055c  Object required for P2P: [ C3E7E1F3C85A6788F3BA078BA214341E ] AdobeFlashPlayerUpdateSvc
14:35:03.0639 0x0b40  Detect skipped due to KSN trusted
14:35:03.0639 0x0b40  STacSV - ok
14:35:03.0639 0x0b40  StateRepository - ok
14:35:03.0655 0x0b40  stexstor - ok
14:35:03.0692 0x0b40  [ F4C2C83BAFEBABA3B934A934D3C7186B, C6C7AD8B511E710A3F4B96238ED8F11E34779E4B7F213C1FEC81FEE11D9FC505 ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
14:35:03.0723 0x0b40  STHDA - ok
14:35:03.0723 0x0b40  stisvc - ok
14:35:03.0723 0x0b40  storahci - ok
14:35:03.0739 0x0b40  storflt - ok
14:35:03.0739 0x0b40  stornvme - ok
14:35:03.0739 0x0b40  storqosflt - ok
14:35:03.0739 0x0b40  StorSvc - ok
14:35:03.0755 0x0b40  storufs - ok
14:35:03.0755 0x0b40  storvsc - ok
14:35:03.0755 0x0b40  svsvc - ok
14:35:03.0755 0x0b40  swenum - ok
14:35:03.0792 0x0b40  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:35:03.0808 0x0b40  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
14:35:04.0857 0x055c  Object send P2P result: true
14:35:06.0199 0x0b40  Detect skipped due to KSN trusted
14:35:06.0199 0x0b40  SwitchBoard - ok
14:35:06.0202 0x0b40  swprv - ok
14:35:06.0202 0x0b40  Synth3dVsc - ok
14:35:06.0249 0x0b40  [ 7DC2B34FB6F1798F2D13453E0321D025, 60EF12A8824384DD88D9C5D188E8FB137F0F85A63C06AAF720CB2D616EB847F4 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:35:06.0281 0x0b40  SynTP - ok
14:35:06.0302 0x0b40  [ 6FBDBC24B1642868E041463795CBFA44, E9FA0DB094E7B2129ABD325BC91A48D6646380D6AA97BE6233C220E0C98637AF ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
14:35:06.0318 0x0b40  SynTPEnhService - ok
14:35:06.0318 0x0b40  SysMain - ok
14:35:06.0318 0x0b40  SystemEventsBroker - ok
14:35:06.0333 0x0b40  TabletInputService - ok
14:35:06.0333 0x0b40  TapiSrv - ok
14:35:06.0333 0x0b40  Tcpip - ok
14:35:06.0333 0x0b40  Tcpip6 - ok
14:35:06.0349 0x0b40  tcpipreg - ok
14:35:06.0349 0x0b40  tdx - ok
14:35:06.0349 0x0b40  terminpt - ok
14:35:06.0349 0x0b40  TermService - ok
14:35:06.0364 0x0b40  Themes - ok
14:35:06.0364 0x0b40  TieringEngineService - ok
14:35:06.0364 0x0b40  tiledatamodelsvc - ok
14:35:06.0364 0x0b40  TimeBroker - ok
14:35:06.0380 0x0b40  TPM - ok
14:35:06.0380 0x0b40  TrkWks - ok
14:35:06.0380 0x0b40  TrustedInstaller - ok
14:35:06.0380 0x0b40  tsusbflt - ok
14:35:06.0397 0x0b40  TsUsbGD - ok
14:35:06.0401 0x0b40  tunnel - ok
14:35:06.0402 0x0b40  tzautoupdate - ok
14:35:06.0402 0x0b40  uagp35 - ok
14:35:06.0402 0x0b40  UASPStor - ok
14:35:06.0402 0x0b40  UcmCx0101 - ok
14:35:06.0417 0x0b40  UcmUcsi - ok
14:35:06.0417 0x0b40  Ucx01000 - ok
14:35:06.0417 0x0b40  UdeCx - ok
14:35:06.0417 0x0b40  udfs - ok
14:35:06.0417 0x0b40  UEFI - ok
14:35:06.0433 0x0b40  Ufx01000 - ok
14:35:06.0433 0x0b40  UfxChipidea - ok
14:35:06.0433 0x0b40  ufxsynopsys - ok
14:35:06.0465 0x0b40  UI0Detect - ok
14:35:06.0465 0x0b40  uliagpkx - ok
14:35:06.0465 0x0b40  umbus - ok
14:35:06.0465 0x0b40  UmPass - ok
14:35:06.0465 0x0b40  UmRdpService - ok
14:35:06.0480 0x0b40  UnistoreSvc - ok
14:35:06.0502 0x0b40  upnphost - ok
14:35:06.0502 0x0b40  UrsChipidea - ok
14:35:06.0502 0x0b40  UrsCx01000 - ok
14:35:06.0502 0x0b40  UrsSynopsys - ok
14:35:06.0518 0x0b40  usbccgp - ok
14:35:06.0518 0x0b40  usbcir - ok
14:35:06.0518 0x0b40  usbehci - ok
14:35:06.0518 0x0b40  usbhub - ok
14:35:06.0518 0x0b40  USBHUB3 - ok
14:35:06.0533 0x0b40  usbohci - ok
14:35:06.0533 0x0b40  usbprint - ok
14:35:06.0533 0x0b40  usbser - ok
14:35:06.0533 0x0b40  USBSTOR - ok
14:35:06.0549 0x0b40  usbuhci - ok
14:35:06.0549 0x0b40  USBXHCI - ok
14:35:06.0549 0x0b40  UserDataSvc - ok
14:35:06.0565 0x0b40  UserManager - ok
14:35:06.0565 0x0b40  UsoSvc - ok
14:35:06.0565 0x0b40  VaultSvc - ok
14:35:06.0580 0x0b40  [ F257A2737280F0076EAE3AB489C06474, A02E37292D86E675D55C13097E9F107C73DDFD8AAC69310F7D9910A811A541D8 ] VClone          C:\WINDOWS\System32\drivers\VClone.sys
14:35:06.0580 0x0b40  VClone - ok
14:35:06.0596 0x0b40  vdrvroot - ok
14:35:06.0599 0x0b40  vds - ok
14:35:06.0602 0x0b40  VerifierExt - ok
14:35:06.0602 0x0b40  vhdmp - ok
14:35:06.0602 0x0b40  vhf - ok
14:35:06.0602 0x0b40  vmbus - ok
14:35:06.0602 0x0b40  VMBusHID - ok
14:35:06.0618 0x0b40  vmicguestinterface - ok
14:35:06.0618 0x0b40  vmicheartbeat - ok
14:35:06.0618 0x0b40  vmickvpexchange - ok
14:35:06.0618 0x0b40  vmicrdv - ok
14:35:06.0618 0x0b40  vmicshutdown - ok
14:35:06.0634 0x0b40  vmictimesync - ok
14:35:06.0634 0x0b40  vmicvmsession - ok
14:35:06.0634 0x0b40  vmicvss - ok
14:35:06.0634 0x0b40  volmgr - ok
14:35:06.0634 0x0b40  volmgrx - ok
14:35:06.0649 0x0b40  volsnap - ok
14:35:06.0649 0x0b40  vpci - ok
14:35:06.0665 0x0b40  [ EAA5E27927B63B118F926CDF2F52EA75, 07A21B4D5CB174F64B0D1117F040C6FD88E00328AB4B4C6317F17BDC08BD502E ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
14:35:06.0680 0x0b40  vpnagent - ok
14:35:06.0698 0x0b40  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\WINDOWS\System32\drivers\vpnva64-6.sys
14:35:06.0703 0x0b40  vpnva - ok
14:35:06.0703 0x0b40  vsmraid - ok
14:35:06.0703 0x0b40  VSS - ok
14:35:06.0703 0x0b40  VSTXRAID - ok
14:35:06.0703 0x0b40  vwifibus - ok
14:35:06.0718 0x0b40  vwififlt - ok
14:35:06.0718 0x0b40  vwifimp - ok
14:35:06.0718 0x0b40  W32Time - ok
14:35:06.0718 0x0b40  WacomPen - ok
14:35:06.0734 0x0b40  WalletService - ok
14:35:06.0734 0x0b40  wanarp - ok
14:35:06.0734 0x0b40  wanarpv6 - ok
14:35:06.0734 0x0b40  wbengine - ok
14:35:06.0734 0x0b40  WbioSrvc - ok
14:35:06.0749 0x0b40  Wcmsvc - ok
14:35:06.0749 0x0b40  wcncsvc - ok
14:35:06.0749 0x0b40  WcsPlugInService - ok
14:35:06.0749 0x0b40  WdBoot - ok
14:35:06.0765 0x0b40  Wdf01000 - ok
14:35:06.0765 0x0b40  WdFilter - ok
14:35:06.0765 0x0b40  WdiServiceHost - ok
14:35:06.0765 0x0b40  WdiSystemHost - ok
14:35:06.0765 0x0b40  wdiwifi - ok
14:35:06.0781 0x0b40  WdNisDrv - ok
14:35:06.0781 0x0b40  WdNisSvc - ok
14:35:06.0781 0x0b40  WebClient - ok
14:35:06.0781 0x0b40  Wecsvc - ok
14:35:06.0797 0x0b40  WEPHOSTSVC - ok
14:35:06.0801 0x0b40  wercplsupport - ok
14:35:06.0803 0x0b40  WerSvc - ok
14:35:06.0803 0x0b40  WFPLWFS - ok
14:35:06.0803 0x0b40  WiaRpc - ok
14:35:06.0803 0x0b40  WIMMount - ok
14:35:06.0803 0x0b40  WinDefend - ok
14:35:06.0818 0x0b40  WindowsTrustedRT - ok
14:35:06.0818 0x0b40  WindowsTrustedRTProxy - ok
14:35:06.0818 0x0b40  WinHttpAutoProxySvc - ok
14:35:06.0834 0x0b40  WinMad - ok
14:35:06.0850 0x0b40  Winmgmt - ok
14:35:06.0850 0x0b40  WinRM - ok
14:35:06.0850 0x0b40  WINUSB - ok
14:35:06.0865 0x0b40  WinVerbs - ok
14:35:06.0865 0x0b40  WlanSvc - ok
14:35:06.0865 0x0b40  wlidsvc - ok
14:35:06.0865 0x0b40  WmiAcpi - ok
14:35:06.0881 0x0b40  wmiApSrv - ok
14:35:06.0881 0x0b40  WMPNetworkSvc - ok
14:35:06.0881 0x0b40  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
14:35:06.0903 0x0b40  Wof - ok
14:35:06.0918 0x0b40  workfolderssvc - ok
14:35:06.0918 0x0b40  wpcfltr - ok
14:35:06.0918 0x0b40  WPDBusEnum - ok
14:35:06.0934 0x0b40  WpdUpFltr - ok
14:35:06.0934 0x0b40  WpnService - ok
14:35:06.0934 0x0b40  ws2ifsl - ok
14:35:06.0950 0x0b40  wscsvc - ok
14:35:06.0950 0x0b40  WSearch - ok
14:35:06.0950 0x0b40  WSService - ok
14:35:06.0965 0x0b40  wuauserv - ok
14:35:06.0981 0x0b40  WudfPf - ok
14:35:06.0981 0x0b40  WUDFRd - ok
14:35:06.0981 0x0b40  wudfsvc - ok
14:35:06.0998 0x0b40  WUDFWpdFs - ok
14:35:07.0003 0x0b40  WUDFWpdMtp - ok
14:35:07.0003 0x0b40  WwanSvc - ok
14:35:07.0003 0x0b40  XblAuthManager - ok
14:35:07.0003 0x0b40  XblGameSave - ok
14:35:07.0019 0x0b40  xboxgip - ok
14:35:07.0019 0x0b40  XboxNetApiSvc - ok
14:35:07.0019 0x0b40  xinputhid - ok
14:35:07.0019 0x0b40  ================ Scan global ===============================
14:35:07.0066 0x0b40  [ Global ] - ok
14:35:07.0066 0x0b40  ================ Scan MBR ==================================
14:35:07.0081 0x0b40  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:35:07.0718 0x0b40  \Device\Harddisk0\DR0 - ok
14:35:07.0718 0x0b40  ================ Scan VBR ==================================
14:35:07.0734 0x0b40  [ DB70BC78E1687228365BC870F9710A40 ] \Device\Harddisk0\DR0\Partition1
14:35:07.0765 0x0b40  \Device\Harddisk0\DR0\Partition1 - ok
14:35:07.0765 0x0b40  [ F6F191E5F1C4D2ADFA31179E9B108681 ] \Device\Harddisk0\DR0\Partition2
14:35:07.0799 0x0b40  \Device\Harddisk0\DR0\Partition2 - ok
14:35:07.0800 0x0b40  ================ Scan generic autorun ======================
14:35:07.0966 0x0b40  [ 50D20C57D4977601FD66F2ACDE1B1D3A, 6432868E2DEC32D6391FA7E16C049260C8A168C5D3159245A9D0463FCC69E2BD ] C:\WINDOWS\RTFTrack.exe
14:35:08.0198 0x0b40  RtsFT - ok
14:35:08.0203 0x0b40  [ 37F0C08BFCEDF218A43C84B2447AACB1, 895C1EAF1BC4C7CB4AA803D19A422E8CC59FDC07FAC1A78E5FCC03C31D4AFB84 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
14:35:08.0235 0x0b40  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
14:35:10.0649 0x0b40  Detect skipped due to KSN trusted
14:35:10.0649 0x0b40  IAStorIcon - ok
14:35:10.0696 0x0b40  [ 5917DC01B9AC1FD64136D4691FFC7987, 8AAB5E31A4F4056843EC0896BF3F0A91604FF39F4AD439F64D2E882E72511A98 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
14:35:10.0734 0x0b40  Classic Start Menu - ok
14:35:10.0750 0x0b40  [ 51B634D617073986FA73417318F7C121, CAB64175383F501FA515D335167334D7F2147F0889E5052484AA1FF866C6F8CF ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
14:35:10.0765 0x0b40  AdobeAAMUpdater-1.0 - ok
14:35:10.0816 0x0b40  [ 0B27419E1FF4F326D07FF1D6EBAD20E8, FF3DD255B99676B4AC0EE1F32BBBF9B601392F37A54B62EB704F0060248F7D35 ] C:\Program Files\IDT\WDM\sttray64.exe
14:35:10.0881 0x0b40  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
14:35:13.0300 0x0b40  Detect skipped due to KSN trusted
14:35:13.0300 0x0b40  SysTrayApp - ok
14:35:13.0300 0x0b40  SynTPEnh - ok
14:35:13.0338 0x0b40  [ FBDB3FB7A588CE9A502D96BCB9EFCDF3, 54927F45FB36A91F6E1F0B7D35621C4F0555B6A364A6E97E2A38937C6153C55B ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
14:35:13.0353 0x0b40  Cisco AnyConnect Secure Mobility Agent for Windows - ok
14:35:13.0416 0x0b40  [ A122681D5D9AEF04FC069ECD45AB771B, 6B00BA27ED479A9FA8CFF38529B20117E61704B9A670DB9ED950BA8E077892AF ] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe
14:35:13.0454 0x0b40  Acrobat Assistant 8.0 - ok
14:35:13.0516 0x0b40  OneDriveSetup - ok
14:35:13.0516 0x0b40  OneDriveSetup - ok
14:35:13.0601 0x0b40  [ 2010CA459E5EC8F9D5FC8B000D130294, 058FF215A3AAD04F2A4CF23B2CC62A5EA28F5A705EFA689DCE9126720CF33229 ] C:\Users\Imre\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:35:13.0654 0x0b40  OneDrive - ok
14:35:13.0670 0x0b40  Lync - ok
14:35:13.0670 0x0b40  RESTART_STICKY_NOTES - ok
14:35:13.0902 0x0b40  [ CE1DEC053DA24927E89D9AA196D31281, 39DD431CFCD10AA4E176062E33A0262FEE5806E192B37037C97439B1CEF232C8 ] C:\Program Files\CCleaner\CCleaner64.exe
14:35:14.0086 0x0b40  CCleaner Monitoring - ok
14:35:14.0102 0x0b40  OneDriveSetup - ok
14:35:14.0102 0x0b40  WAB Migrate - ok
14:35:14.0102 0x0b40  Waiting for KSN requests completion. In queue: 6
14:35:15.0109 0x0b40  Waiting for KSN requests completion. In queue: 6
14:35:16.0121 0x0b40  Waiting for KSN requests completion. In queue: 6
14:35:16.0611 0x1dd4  Object required for P2P: [ 2010CA459E5EC8F9D5FC8B000D130294 ] C:\Users\Imre\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:35:17.0130 0x0b40  Waiting for KSN requests completion. In queue: 2
14:35:18.0130 0x0b40  Waiting for KSN requests completion. In queue: 2
14:35:19.0103 0x1dd4  Object send P2P result: true
14:35:19.0150 0x0b40  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
14:35:19.0166 0x0b40  Win FW state via NFP2: enabled ( trusted )
14:35:21.0621 0x0b40  ============================================================
14:35:21.0621 0x0b40  Scan finished
14:35:21.0621 0x0b40  ============================================================
14:35:21.0639 0x1138  Detected object count: 0
14:35:21.0639 0x1138  Actual detected object count: 0
14:35:45.0226 0x0f70  Deinitialize success
         

Alt 01.01.2016, 15:02   #5
M-K-D-B
/// TB-Ausbilder
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Servus,



ja du hast Recht, dein Rechner ist infiziert.


Fangen wir gleich an:






Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 01.01.2016, 15:43   #6
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Code:
ATTFilter
# AdwCleaner v5.027 - Bericht erstellt am 01/01/2016 um 15:24:46
# Aktualisiert am 30/12/2015 von Xplode
# Datenbank : 2015-12-30.1 [Server]
# Betriebssystem : Windows 10 Pro  (x64)
# Benutzername : Imre - LENOVO-G710
# Gestartet von : C:\Users\Imre\Desktop\AdwCleaner_5.027.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [798 Bytes] ##########
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 01.01.2016
Suchlaufzeit: 15:28
Protokolldatei: aaa.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.01.01.02
Rootkit-Datenbank: v2015.12.26.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Imre

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 380582
Abgelaufene Zeit: 6 Min., 17 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64 
Ran by Imre (Administrator) on 01.01.2016 at 15:36:29,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2016 at 15:38:35,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Imre (administrator) on LENOVO-G710 (01-01-2016 15:39:13)
Running from C:\Users\Imre\Desktop
Loaded Profiles: Imre & UpdatusUser (Available Profiles: Imre & UpdatusUser)
Platform: Windows 10 Pro Version 1511 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-09-03] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-12] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1856184 2015-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27888296 2015-11-18] (Microsoft Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-253609680-664229831-636946120-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.100.108 80.69.100.204
Tcpip\..\Interfaces\{e4711dd0-76b8-4f0d-9a42-dbf93871a84c}: [DhcpNameServer] 80.69.100.108 80.69.100.204

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-253609680-664229831-636946120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpngate.uni-koeln.de/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Imre\AppData\Roaming\Mozilla\Firefox\Profiles\civ9thwh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-09-13] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\432D46648BB2740E3F334A083E170B17432D [2015-12-30] <==== ATTENTION

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-12] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-16] (Disc Soft Ltd)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-04] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8874712 2013-09-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 15:39 - 2016-01-01 15:39 - 00015071 _____ C:\Users\Imre\Desktop\FRST.txt
2016-01-01 15:38 - 2016-01-01 15:38 - 00000545 _____ C:\Users\Imre\Desktop\JRT.txt
2016-01-01 15:35 - 2016-01-01 15:35 - 00001193 _____ C:\Users\Imre\Desktop\mbam.txt
2016-01-01 15:28 - 2016-01-01 15:28 - 00001167 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-01-01 15:26 - 2016-01-01 15:26 - 00000879 _____ C:\Users\Imre\Desktop\AdwCleaner[C2].txt
2016-01-01 15:10 - 2016-01-01 15:10 - 00001553 _____ C:\Users\Imre\Desktop\Kant's Tugendlehre.url
2016-01-01 15:09 - 2016-01-01 15:09 - 01599336 _____ (Malwarebytes) C:\Users\Imre\Desktop\JRT.exe
2016-01-01 15:06 - 2016-01-01 15:06 - 01745920 _____ C:\Users\Imre\Desktop\AdwCleaner_5.027.exe
2016-01-01 14:57 - 2016-01-01 15:05 - 00000000 ____D C:\Users\Imre\Desktop\Kant's Tugendlehre
2016-01-01 14:30 - 2016-01-01 15:39 - 00000000 ____D C:\FRST
2016-01-01 14:29 - 2016-01-01 14:29 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Imre\Desktop\tdsskiller.exe
2016-01-01 14:28 - 2016-01-01 14:28 - 02370560 _____ (Farbar) C:\Users\Imre\Desktop\FRST64.exe
2015-12-31 18:52 - 2015-12-31 18:57 - 00000000 ____D C:\Users\Imre\Desktop\SysinternalsSuite
2015-12-31 18:17 - 2016-01-01 15:24 - 00000000 ____D C:\AdwCleaner
2015-12-30 18:40 - 2015-12-30 18:40 - 22908888 _____ (Malwarebytes ) C:\Users\Imre\Desktop\mbam-setup-org-2.2.0.1024.exe
2015-12-30 14:38 - 2015-12-30 14:38 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-30 14:38 - 2015-12-30 14:38 - 00000000 ____D C:\Program Files\CCleaner
2015-12-30 14:37 - 2015-12-30 14:37 - 00003290 _____ C:\WINDOWS\System32\Tasks\Sunrise
2015-12-30 14:26 - 2015-12-30 14:29 - 00023712 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2015-12-30 14:26 - 2015-12-30 14:26 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2015-12-30 14:26 - 2015-12-30 14:26 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-30 14:25 - 2015-12-30 14:25 - 00003242 _____ C:\WINDOWS\System32\Tasks\Video Call
2015-12-30 14:25 - 2015-12-30 14:25 - 00003234 _____ C:\WINDOWS\System32\Tasks\Video Call2
2015-12-30 14:24 - 2015-12-30 14:23 - 00001886 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-30 14:20 - 2015-12-30 14:42 - 00000000 ____D C:\Users\Imre\AppData\Local\Omrkics
2015-12-30 14:16 - 2015-12-30 20:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2015-12-29 15:13 - 2015-12-29 15:13 - 06968048 _____ (IvoSoft) C:\Users\Imre\Desktop\ClassicShellSetup_4_2_5.exe
2015-12-29 14:06 - 2015-12-29 14:06 - 00026058 _____ C:\Users\Imre\Desktop\Schreiben Vermieter.pdf
2015-12-29 13:12 - 2015-12-30 14:48 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-18 16:24 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 16:24 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 16:24 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 16:24 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 16:24 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 16:24 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 16:24 - 2015-12-07 05:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 16:24 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 16:24 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 16:24 - 2015-12-07 05:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 16:24 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 16:24 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 16:24 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 16:24 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 16:24 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 16:24 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 16:24 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 16:24 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 16:24 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 16:24 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 16:24 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 16:24 - 2015-12-07 04:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 16:24 - 2015-12-07 04:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 16:24 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 16:24 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 16:24 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 16:24 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 16:24 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 16:23 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 16:23 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 16:23 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 16:23 - 2015-12-07 05:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 16:23 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 16:23 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 16:23 - 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 16:23 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 16:23 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 16:23 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 16:23 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 16:23 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 16:23 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 16:23 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 16:23 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 16:23 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 16:23 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 16:23 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 16:23 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 16:23 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 16:23 - 2015-12-07 04:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 16:23 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 16:23 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 16:23 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 16:23 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 16:23 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 16:23 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 16:23 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-15 23:06 - 2015-12-15 23:06 - 00000000 ____D C:\Users\Imre\AppData\Roaming\IDT
2015-12-15 22:59 - 2015-12-15 22:59 - 00000000 ____D C:\Users\Imre\AppData\Local\ElevatedDiagnostics
2015-12-15 21:16 - 2015-12-15 21:16 - 00247450 _____ C:\Users\Imre\Desktop\Malte Willer - Der Wahrheitsbegriff in Martin Heideggers Sein und Zeit.pdf
2015-12-15 21:03 - 2015-12-30 14:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-12 14:25 - 2015-12-12 14:38 - 00000000 ____D C:\Users\Imre\Desktop\Bloch Wörtebuch
2015-12-11 22:38 - 2015-12-11 22:36 - 01507612 _____ C:\Users\Imre\Desktop\07. Josef Seifert - Was ist Philosophie. Die Antwort der Realistischen Phänomenologie.pdf
2015-12-10 20:22 - 2015-12-10 20:22 - 05524211 _____ C:\Users\Imre\Desktop\Sabine Obermaier - Tiere und Fabelwesen im Mittelalter.pdf
2015-12-10 18:19 - 2015-12-10 18:19 - 03461629 _____ C:\Users\Imre\Desktop\Johannes Hübner - Einführung in die theoretische Philosophie.pdf
2015-12-10 17:25 - 2015-12-10 17:37 - 00000000 ____D C:\Users\Imre\Desktop\Kuno Lorenz
2015-12-10 16:34 - 2015-12-10 16:34 - 02720698 _____ C:\Users\Imre\Desktop\Fragmenta · Fragmente.pdf
2015-12-10 16:25 - 2015-12-10 16:25 - 14278318 _____ C:\Users\Imre\Desktop\Ludger Hoffmann - Sprachwissenschaft. Ein Reader.pdf
2015-12-09 22:48 - 2015-12-09 22:48 - 00899384 _____ C:\Users\Imre\Desktop\[Dan_Zahavi]_The_Oxford_Handbook_of_Contemporary_P(BookZZ.org).zip
2015-12-08 20:19 - 2015-12-31 19:03 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-12-08 19:42 - 2015-12-08 19:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-08 19:30 - 2015-12-01 08:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 19:30 - 2015-11-24 13:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 19:30 - 2015-11-24 12:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 19:30 - 2015-11-24 11:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 19:30 - 2015-11-24 11:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-08 19:30 - 2015-11-24 10:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-08 19:30 - 2015-11-24 10:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 19:30 - 2015-11-24 10:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-08 19:30 - 2015-11-24 10:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 19:30 - 2015-11-24 10:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 19:30 - 2015-11-24 10:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 19:30 - 2015-11-24 10:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 19:30 - 2015-11-24 09:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 19:30 - 2015-11-24 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 19:30 - 2015-11-24 09:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-08 19:30 - 2015-11-24 09:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 19:30 - 2015-11-24 09:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 19:30 - 2015-11-24 09:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 19:30 - 2015-11-24 09:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 19:30 - 2015-11-24 08:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 19:30 - 2015-11-24 08:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 19:30 - 2015-11-24 08:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 19:30 - 2015-11-24 08:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 19:30 - 2015-11-24 08:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 19:30 - 2015-11-24 08:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 19:30 - 2015-11-24 08:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 19:30 - 2015-11-24 08:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 17:01 - 2015-12-08 17:01 - 00231192 _____ C:\Users\Imre\Desktop\Antrag auf Zulassung zu einer Masterleistung.pdf
2015-12-03 14:01 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 14:01 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 14:01 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 14:01 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 14:01 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 14:01 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 14:01 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 14:01 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 14:01 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 14:01 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 14:01 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 14:01 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 14:01 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 14:01 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 14:01 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 14:01 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 14:01 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 14:01 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 14:01 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 14:01 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 14:01 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 14:01 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 14:01 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 14:01 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 14:01 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 14:01 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 14:01 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 14:01 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 14:01 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 14:01 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 14:01 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 14:01 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 14:01 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 14:01 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 14:01 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 14:01 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 14:01 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 14:00 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 14:00 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 14:00 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 14:00 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 14:00 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 14:00 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 14:00 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 14:00 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-03 14:00 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-03 14:00 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 14:00 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 14:00 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 14:00 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-03 14:00 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-03 14:00 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-03 14:00 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 14:00 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 14:00 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-03 14:00 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 14:00 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-03 14:00 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 14:00 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-03 14:00 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-03 14:00 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-03 13:12 - 2015-12-30 14:48 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-03 13:08 - 2015-12-03 13:08 - 00000000 ____D C:\Windows.old
2015-12-03 13:07 - 2015-12-03 13:07 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-03 13:07 - 2015-12-03 13:07 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-03 13:07 - 2015-12-03 13:07 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-03 13:04 - 2016-01-01 15:29 - 00775644 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-03 13:04 - 2016-01-01 15:29 - 00155748 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-03 13:04 - 2015-12-03 13:03 - 00305634 _____ C:\WINDOWS\system32\perfi007.dat
2015-12-03 13:04 - 2015-12-03 13:03 - 00040390 _____ C:\WINDOWS\system32\perfd007.dat
2015-12-03 13:04 - 2015-10-30 04:43 - 12039680 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll
2015-12-03 13:04 - 2015-10-30 04:43 - 11602944 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll
2015-12-03 13:04 - 2015-10-30 04:41 - 12039680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll
2015-12-03 13:04 - 2015-10-30 04:28 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll
2015-12-03 13:04 - 2015-10-30 04:26 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\system32\de
2015-12-03 12:54 - 2015-12-03 12:54 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files\MSBuild
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-03 12:50 - 2015-10-24 02:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-03 12:50 - 2015-10-24 02:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-03 12:50 - 2015-10-24 02:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-03 12:36 - 2015-12-03 12:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2015-12-03 11:03 - 2015-12-03 11:03 - 00313120 _____ C:\Users\Imre\Desktop\Masterarbeit.pdf
2015-12-03 04:55 - 2015-12-03 04:55 - 00000000 ____D C:\Users\Imre\AppData\Local\ActiveSync
2015-12-03 04:52 - 2015-12-03 04:52 - 00000020 ___SH C:\Users\Imre\ntuser.ini
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-03 04:44 - 2016-01-01 15:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-03 04:39 - 2015-12-03 04:39 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-12-03 04:33 - 2015-12-30 20:47 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-03 04:33 - 2015-12-03 04:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-03 04:33 - 2015-12-03 04:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-03 04:29 - 2015-12-03 04:34 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-03 04:26 - 2015-12-31 18:11 - 00000000 ____D C:\Users\Imre
2015-12-03 04:26 - 2015-12-31 00:58 - 00000000 ____D C:\Users\UpdatusUser
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\My Documents
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Videos
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Pictures
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Music
2015-12-03 04:22 - 2015-12-03 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-03 04:22 - 2015-07-23 02:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-03 04:22 - 2015-07-23 02:10 - 00579912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-03 04:22 - 2015-07-22 05:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-03 04:21 - 2016-01-01 15:25 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-03 04:21 - 2015-12-03 04:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-03 04:21 - 2015-12-03 04:21 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-12-03 04:21 - 2015-12-03 04:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-12-03 04:21 - 2015-12-03 04:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-03 04:21 - 2015-07-17 22:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-03 04:20 - 2015-12-03 04:29 - 00000000 ____D C:\Program Files\Intel
2015-12-03 04:20 - 2015-12-03 04:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-03 04:20 - 2015-12-03 04:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-12-03 04:19 - 2015-12-03 04:19 - 00000000 ____D C:\Program Files\Synaptics
2015-12-03 04:18 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-03 04:14 - 2015-12-30 14:51 - 04957184 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 15:29 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-01 15:29 - 2015-08-16 21:52 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-01 15:29 - 2015-08-16 00:33 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-01 15:28 - 2015-08-09 14:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-01 15:28 - 2015-08-09 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-01-01 15:28 - 2015-08-09 14:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-01-01 15:25 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-01 15:25 - 2015-08-07 20:25 - 00000390 _____ C:\WINDOWS\Tasks\DataFront.job
2016-01-01 15:25 - 2015-07-24 01:12 - 00000000 __SHD C:\Users\Imre\IntelGraphicsProfiles
2016-01-01 14:32 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-01 14:20 - 2015-07-24 09:32 - 00000000 ____D C:\Users\Imre\AppData\Local\ClassicShell
2016-01-01 14:11 - 2015-10-06 21:28 - 00000000 ____D C:\Users\Imre\Desktop\Tusculum
2016-01-01 13:21 - 2015-07-24 01:29 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F7F6C12-9793-4221-8796-83E53881D2F5}
2015-12-31 18:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-31 18:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-30 21:43 - 2015-11-15 23:21 - 00000000 ____D C:\Users\Imre\Desktop\Takimo.-.21.-.Xyphon
2015-12-30 21:20 - 2015-07-23 15:15 - 00000000 ___RD C:\Users\Imre\Desktop\Fachliteratur
2015-12-30 20:55 - 2015-07-24 16:21 - 00000000 ____D C:\Users\Imre\AppData\Roaming\vlc
2015-12-30 20:47 - 2015-11-23 21:25 - 00001186 _____ C:\Users\Public\Desktop\Neuro-Programmer 3.lnk
2015-12-30 20:47 - 2015-11-15 16:04 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-12-30 20:47 - 2015-11-15 16:03 - 00001264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-12-30 20:47 - 2015-11-15 16:02 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-12-30 20:47 - 2015-11-15 16:01 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:59 - 00001580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:59 - 00001410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:56 - 00001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-12-30 20:47 - 2015-11-10 16:05 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2015-12-30 20:47 - 2015-09-17 10:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-12-30 20:47 - 2015-09-17 10:54 - 00002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-12-30 20:47 - 2015-07-24 09:32 - 00002248 _____ C:\Users\Imre\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-12-30 20:45 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-30 14:49 - 2015-11-27 17:24 - 00000000 ____D C:\Users\Imre\AppData\Roaming\BitTorrent
2015-12-30 14:46 - 2015-08-16 00:10 - 00000000 ____D C:\Users\Imre\.mediathek3
2015-12-30 14:38 - 2015-07-24 01:02 - 00000000 ____D C:\Users\Imre\AppData\Local\Packages
2015-12-30 14:37 - 2015-07-24 15:37 - 00001034 _____ C:\Users\UpdatusUser\Desktop\Digitale Bibliothek 5.lnk
2015-12-30 14:29 - 2015-07-24 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-30 14:01 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-29 14:13 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-27 22:10 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-27 22:10 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-23 16:03 - 2015-07-23 12:39 - 00000000 ___RD C:\Users\Imre\Desktop\Dokumente
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-21 23:15 - 2015-11-15 00:09 - 00000000 ____D C:\Users\Imre\Desktop\Husserls Einstellungsbegriff
2015-12-21 16:25 - 2015-07-23 15:04 - 00000000 ___RD C:\Users\Imre\Desktop\Uni Köln
2015-12-15 23:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-15 22:54 - 2015-09-12 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-15 08:23 - 2015-08-16 22:13 - 00000000 ___RD C:\Users\Imre\3D Objects
2015-12-14 08:28 - 2015-08-16 22:02 - 00000000 ___RD C:\Users\Imre\OneDrive
2015-12-12 13:38 - 2015-07-23 15:46 - 00000000 ___RD C:\Users\Imre\Desktop\De Gruyter Studienbuch
2015-12-12 13:13 - 2015-10-30 10:03 - 00000000 ____D C:\WINDOWS\OCR
2015-12-12 01:04 - 2015-11-27 19:20 - 00000000 ____D C:\Users\Imre\Desktop\epub
2015-12-11 22:32 - 2015-10-07 21:36 - 00000000 ____D C:\Users\Imre\Desktop\Zeitschrift für philosophische Forschung
2015-12-11 14:37 - 2015-11-30 17:36 - 00000000 ____D C:\Users\Imre\Desktop\Phänomenologische Forschungen
2015-12-11 00:35 - 2015-07-24 16:54 - 00000000 ____D C:\Users\Imre\.Zettelkasten
2015-12-10 23:05 - 2015-10-16 23:35 - 00000000 ____D C:\Users\Imre\Desktop\Klassiker auslegen
2015-12-09 20:29 - 2015-08-16 00:33 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-09 04:39 - 2015-07-24 01:44 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 21:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-08 20:20 - 2015-07-24 14:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-08 20:20 - 2015-07-24 01:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 20:19 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-12-08 20:15 - 2015-07-24 01:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 20:14 - 2015-07-24 01:23 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 19:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-04 15:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-04 08:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-03 13:59 - 2015-08-16 00:11 - 00000000 ____D C:\Users\Imre\MediathekView
2015-12-03 13:30 - 2015-08-16 22:02 - 00000000 ____D C:\Users\Imre\AppData\Local\Comms
2015-12-03 13:12 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-03 13:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-03 13:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-03 13:03 - 2015-10-30 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Com
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-12-03 13:03 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\servicing
2015-12-03 05:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-03 04:53 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-03 04:53 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-03 04:51 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-03 04:50 - 2015-08-16 20:43 - 00026673 _____ C:\WINDOWS\diagwrn.xml
2015-12-03 04:50 - 2015-08-16 20:43 - 00026673 _____ C:\WINDOWS\diagerr.xml
2015-12-03 04:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-03 04:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-03 04:45 - 2015-09-13 18:08 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-03 04:45 - 2015-08-16 21:59 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-03 04:45 - 2015-08-07 20:25 - 00003026 _____ C:\WINDOWS\System32\Tasks\DataFront
2015-12-03 04:45 - 2015-07-24 01:09 - 00002934 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-253609680-664229831-636946120-1001
2015-12-03 04:41 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-03 04:39 - 2015-07-24 16:18 - 01827030 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-03 04:34 - 2015-11-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-12-03 04:34 - 2015-11-23 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuro-Programmer 3
2015-12-03 04:34 - 2015-10-30 10:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-03 04:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-03 04:34 - 2015-09-13 17:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-03 04:34 - 2015-08-16 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-12-03 04:34 - 2015-07-24 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-03 04:34 - 2015-07-24 16:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-03 04:34 - 2015-07-24 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-03 04:34 - 2015-07-24 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digitale Bibliothek 5
2015-12-03 04:34 - 2015-07-24 15:08 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-12-03 04:34 - 2015-07-24 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-12-03 04:33 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-03 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-03 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-03 04:31 - 2015-07-24 16:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-12-03 04:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-03 04:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-03 04:30 - 2015-07-24 11:13 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-12-03 04:29 - 2015-11-10 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-03 04:29 - 2015-09-14 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2015-12-03 04:29 - 2015-09-09 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-12-03 04:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-03 04:25 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-03 04:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-03 04:14 - 2015-10-30 10:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-03 03:34 - 2015-07-24 10:52 - 00008192 __RSH C:\BOOTSECT.BAK
2015-12-03 03:30 - 2015-10-30 10:42 - 00000000 ___HD C:\$WINDOWS.~BT

==================== Files in the root of some directories =======

2015-07-24 15:08 - 2015-07-24 15:08 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Imre\AppData\Local\Temp\DDLHZGAE.exe
C:\Users\Imre\AppData\Local\Temp\sqlite3.dll
C:\Users\Imre\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-31 18:52

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---

Alt 01.01.2016, 15:43   #7
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Imre (2016-01-01 15:39:46)
Running from C:\Users\Imre\Desktop
Windows 10 Pro (X64) (2015-12-03 03:52:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-253609680-664229831-636946120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-253609680-664229831-636946120-503 - Limited - Disabled)
Guest (S-1-5-21-253609680-664229831-636946120-501 - Limited - Disabled)
Imre (S-1-5-21-253609680-664229831-636946120-1001 - Administrator - Enabled) => C:\Users\Imre
UpdatusUser (S-1-5-21-253609680-664229831-636946120-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
BitTorrent (HKU\S-1-5-21-253609680-664229831-636946120-1001\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
calibre 64bit (HKLM\...\{54EFBCD2-A4FB-4C37-A720-9A8195EFC7B4}) (Version: 2.45.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Digitale Bibliothek 5 (HKLM-x32\...\Digitale Bibliothek 5) (Version:  - )
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10245 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Nero 11 v11.2.4.100 (x64) (HKLM\...\Nero 11 v11.2.4.100 (x64)11.2.4.100) (Version: 11.2.4.100 - Friends in War)
Neuro-Programmer 3.3.1 (HKLM-x32\...\Neuro-Programmer 3_is1) (Version:  - Transparent Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-253609680-664229831-636946120-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Imre\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DEA9D6-20C6-4A26-9F0A-999DBC169F51} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {0823CBBB-67BB-4826-9EAD-6075A009B4E9} - System32\Tasks\DataFront => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== ATTENTION
Task: {08587A3B-B281-462F-8FBF-CC0BDF89BEDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1064874A-9833-4123-B88A-35523B9C1165} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {148DDEA2-8EDA-4C25-8538-8A054424C3C2} - System32\Tasks\Sunrise => C:\WINDOWS\TEMP\CUpdater\s37o..exe
Task: {1B3341E4-54FE-47F6-AFC1-6C219695C6ED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1D06BC2C-9B6F-425C-A0F5-E3159C4647DD} - System32\Tasks\Video Call2 => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\bdyp.dll",#1 <==== ATTENTION
Task: {2EC557EF-EC10-47AC-BB23-4D6BAA8FD147} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34629B12-29E5-486E-85B4-A7A4343F4201} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5764B183-AA5D-4C32-B20A-B7FA940E6750} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5B335996-9070-48A9-B0D2-CA542E7DB231} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {62141068-451E-450C-BD86-EB2954B73E1F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7056FB29-CF72-47EE-A11E-1B676D9F503E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7C631AD8-A9B4-4AF8-9B89-3796E25FC422} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84D4F724-F90D-44B9-A286-078AFA2739D4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {944EC87C-BFB0-4159-935C-0D7CD9320BD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {97C703A7-4DBC-4E7F-AD7E-D2E1DE934C14} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {999DB9B9-7B0F-44D6-BB79-5A5C4C93E0DE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9BF957EE-E5FF-4C8A-9F17-B4172B6B7270} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9C0C1A11-F24A-4B95-8B34-AF4F2CA4048B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A18E9C7F-12E0-4EEF-8F9E-FB4546D865F5} - \crash_service -> No File <==== ATTENTION
Task: {A3880DBE-2741-4C96-A495-D0E52E503E5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {A6E5BA1A-A413-4E60-AAA5-66E0E654DD6B} - System32\Tasks\Video Call => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\VideoCall.dll",#1 <==== ATTENTION
Task: {B1013309-EC6F-41C3-8E37-AB1F7BF47178} - \IBUpd2 -> No File <==== ATTENTION
Task: {D48CC34D-B817-4736-9220-8BA549AF25B7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7CDD728-A539-4DD9-9207-7E514326E840} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F1D4B828-0A02-4D6F-B391-8A75D263D78B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DataFront.job => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-08 20:25 - 2015-12-08 20:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-12-18 16:23 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 16:23 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 16:24 - 2015-12-07 04:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 16:24 - 2015-12-07 04:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 16:24 - 2015-12-07 04:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 16:24 - 2015-12-07 04:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289c87f-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289c880-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289ca6b-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289ca6c-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\ProgramData\TEMP:157E1AD3

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-253609680-664229831-636946120-1001\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-12-30 14:23 - 00001886 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm-prd-da1.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate-da1.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 uds.licenses.adobe.com
127.0.0.1 licenses.adobe.com
127.0.0.1 license.adobe.com
127.0.0.1 helpexamples.com
127.0.0.1 activate-sea.adobe.com  
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.adobe.com  
127.0.0.1 activate.wip3.adobe.com  
127.0.0.1 wip3.adobe.com  
127.0.0.1 ereg.wip3.adobe.com  
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 bild.de
127.0.0.1 www.bild.de
127.0.0.1 www.express.de
127.0.0.1 express.de
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com

There are 1 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-253609680-664229831-636946120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imre\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows 8.png
HKU\S-1-5-21-253609680-664229831-636946120-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 80.69.100.108 - 80.69.100.204
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8D4E7D3F-05DD-4E72-82E2-9AB888D95DF7}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E8E684B2-3F54-4BFF-B7E3-5F68FB3A23DB}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FEFBD5C7-9158-49BA-B5C6-B96A547E668C}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{09F494C0-0C80-4C54-91F3-CB9EC1038AF1}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5E13F8A6-6651-4244-B49D-D60B74281DFA}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E3203284-7FC1-4CA1-9A45-1D10CD6DD051}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{5162E3C3-82F3-4C28-AD34-8A650ADC1FDE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{14DEBD76-4677-42CC-A290-EE342B7440F1}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{C8719EC4-11FA-470D-9048-CA0F956A5CAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36F7EDBC-9FD3-4FE7-B257-2502042DC8DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D77488F8-6FF2-4856-9DE6-774A3A38812C}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{F873506A-477B-4025-AAD5-061AE3A27D46}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{C5E16228-5EFC-4313-AC67-212D9A363BD6}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{A74A5CA6-053B-47DD-9186-94605A9F25A1}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{FA470FA1-30BB-4B01-8545-99847B8AE539}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0B97454-4D39-46F3-8917-71C7F33144BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D1F0B3E2-E728-4A09-81A8-FE3ABC5E3D8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29EB162D-CA76-496A-91DC-1D3A49BC0746}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{110267F7-B12F-4D70-9FDA-F317C8CC7406}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{61B2B2A9-B4B1-4018-B3AB-4B48FF694695}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6BBE8B66-8029-4ED3-B96E-52F1FC9B78B3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E35EB8AB-5ACD-41EB-BE8F-61919F4EDF48}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8FCE982D-4992-4C49-AE13-75F68F256EEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{17314852-0735-4947-BA6A-E2785055737B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

==================== Restore Points =========================

21-12-2015 15:35:05 Windows Update
30-12-2015 14:00:37 Windows Update
31-12-2015 18:26:23 JRT Pre-Junkware Removal
01-01-2016 15:36:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2016 03:36:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/01/2016 02:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: edgehtml.dll, Version: 11.0.10586.20, Zeitstempel: 0x56541351
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000003dcb07
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (12/31/2015 06:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0x1f3c
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3
Vollständiger Name des fehlerhaften Pakets: RootkitRevealer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RootkitRevealer.exe5

Error: (12/31/2015 06:56:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DiskView64.exe, Version: 2.40.0.0, Zeitstempel: 0x4baa7c46
Name des fehlerhaften Moduls: DiskView64.exe, Version: 2.40.0.0, Zeitstempel: 0x4baa7c46
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000001507
ID des fehlerhaften Prozesses: 0x1c60
Startzeit der fehlerhaften Anwendung: 0xDiskView64.exe0
Pfad der fehlerhaften Anwendung: DiskView64.exe1
Pfad des fehlerhaften Moduls: DiskView64.exe2
Berichtskennung: DiskView64.exe3
Vollständiger Name des fehlerhaften Pakets: DiskView64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DiskView64.exe5

Error: (12/31/2015 06:26:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/31/2015 06:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkypeHost.exe, Version: 10.1.0.2123, Zeitstempel: 0x566f6bfe
Name des fehlerhaften Moduls: SkyWrap.dll, Version: 10.1.0.2123, Zeitstempel: 0x566f6bdd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002081c8
ID des fehlerhaften Prozesses: 0x1094
Startzeit der fehlerhaften Anwendung: 0xSkypeHost.exe0
Pfad der fehlerhaften Anwendung: SkypeHost.exe1
Pfad des fehlerhaften Moduls: SkypeHost.exe2
Berichtskennung: SkypeHost.exe3
Vollständiger Name des fehlerhaften Pakets: SkypeHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkypeHost.exe5

Error: (12/30/2015 09:16:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.10586.20 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1564

Startzeit: 01d1433ca62e8922

Beendigungszeit: 19

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID: 32cebfeb-af32-11e5-8294-20256487a424

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (12/30/2015 08:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.2.1.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: libqt4_plugin.dll, Version: 2.2.1.0, Zeitstempel: 0xa2d0a2c0
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000076310b
ID des fehlerhaften Prozesses: 0x1bd4
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (12/30/2015 02:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.9.10586.0, Zeitstempel: 0x5632d908
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.10586.0, Zeitstempel: 0x5632d79e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005d5b8
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xMsMpEng.exe0
Pfad der fehlerhaften Anwendung: MsMpEng.exe1
Pfad des fehlerhaften Moduls: MsMpEng.exe2
Berichtskennung: MsMpEng.exe3
Vollständiger Name des fehlerhaften Pakets: MsMpEng.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsMpEng.exe5

Error: (12/30/2015 02:25:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: edgehtml.dll, Version: 11.0.10586.20, Zeitstempel: 0x56541351
Ausnahmecode: 0x8000ffff
Fehleroffset: 0x000000000049b7aa
ID des fehlerhaften Prozesses: 0xd90
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5


System errors:
=============
Error: (01/01/2016 03:36:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/01/2016 03:25:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_30162" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/01/2016 03:25:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_30162" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/01/2016 03:25:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_30162" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/01/2016 03:25:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_30162" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/01/2016 03:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2016 03:24:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/01/2016 03:24:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/01/2016 03:24:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Error: (01/01/2016 03:24:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation Font Cache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-01-01 13:29:43.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-01 13:29:43.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:53:20.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:53:20.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:34:16.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:34:16.540
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 20:49:44.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-30 15:10:27.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 15:10:27.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 14:40:28.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 8116.36 MB
Available physical RAM: 6272.47 MB
Total Virtual: 9396.36 MB
Available Virtual: 7705.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.32 GB) (Free:267.86 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:465.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

Alt 01.01.2016, 16:13   #8
M-K-D-B
/// TB-Ausbilder
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Servus,





Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\432D46648BB2740E3F334A083E170B17432D [2015-12-30] <==== ATTENTION
Task: {00DEA9D6-20C6-4A26-9F0A-999DBC169F51} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {08587A3B-B281-462F-8FBF-CC0BDF89BEDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1064874A-9833-4123-B88A-35523B9C1165} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {148DDEA2-8EDA-4C25-8538-8A054424C3C2} - System32\Tasks\Sunrise => C:\WINDOWS\TEMP\CUpdater\s37o..exe
C:\WINDOWS\TEMP\CUpdater
Task: {1D06BC2C-9B6F-425C-A0F5-E3159C4647DD} - System32\Tasks\Video Call2 => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\bdyp.dll",#1 <==== ATTENTION
C:\Users\Imre\AppData\Local\Video Call
Task: {2EC557EF-EC10-47AC-BB23-4D6BAA8FD147} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34629B12-29E5-486E-85B4-A7A4343F4201} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {62141068-451E-450C-BD86-EB2954B73E1F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7056FB29-CF72-47EE-A11E-1B676D9F503E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7C631AD8-A9B4-4AF8-9B89-3796E25FC422} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84D4F724-F90D-44B9-A286-078AFA2739D4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {97C703A7-4DBC-4E7F-AD7E-D2E1DE934C14} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {999DB9B9-7B0F-44D6-BB79-5A5C4C93E0DE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9BF957EE-E5FF-4C8A-9F17-B4172B6B7270} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A18E9C7F-12E0-4EEF-8F9E-FB4546D865F5} - \crash_service -> No File <==== ATTENTION
Task: {B1013309-EC6F-41C3-8E37-AB1F7BF47178} - \IBUpd2 -> No File <==== ATTENTION
Task: {D48CC34D-B817-4736-9220-8BA549AF25B7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7CDD728-A539-4DD9-9207-7E514326E840} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\DataFront.job => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== ATTENTION
c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}
Task: {A6E5BA1A-A413-4E60-AAA5-66E0E654DD6B} - System32\Tasks\Video Call => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\VideoCall.dll",#1 <==== ATTENTION
Task: {0823CBBB-67BB-4826-9EAD-6075A009B4E9} - System32\Tasks\DataFront => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== 
C:\Users\Public\Documents\Baidu
Folder: C:\Users\Imre\AppData\Local\Omrkics
File: C:\WINDOWS\system32\Drivers\sdfhgdf.sys
RemoveProxy:
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 3
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind
    SwiftSearch
    VideoCall
    DataFront
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • eine Rückmeldung bezüglich des Uploads,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Geändert von M-K-D-B (01.01.2016 um 16:21 Uhr)

Alt 01.01.2016, 16:42   #9
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Hallo Matthias,

diesmal hat sich ein Problem ergeben. Ich habe wie beschrieben den Text in Notepad kopiert und abgespeichert. Danach den Fixlist im FRST Ordner abgespeichert. Danach konnte ich allerdings nicht den Entfernen Button in FRST klicken, da dieser nicht vorhanden ist bzw. ich ihn nicht finden konnte. Dort steht nur: Scan, Search Files, Search Registry und Fix..Kannst du mir sagen, was ich falsch mache??

Sorry

Alt 02.01.2016, 11:07   #10
M-K-D-B
/// TB-Ausbilder
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Servus,


ich habe nicht gesagt, dass du die fixlist im FRST-Ordner abspeichern sollst.


Die FRST.exe sollte sich (laut dem letzten Scan) auf dem Desktop befinden:
Zitat:
Running from C:\Users\Imre\Desktop
Und genau dort speicherst du bitte die fixlist auch ab.

Dann klappt das auch.


Noch ein Hinweis:
Du brauchst die Datei nur als "fixlist" abspeichern, die Endung .txt wird von Notepad automatisch erzeugt, da es ja ein Texteditor ist.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 02.01.2016, 13:09   #11
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Es tut mir wirklich leid, ich habe es jetzt genauso gemacht wie beschrieben. Es taucht in FRST kein Entfernen Button auf. Die fixlist ist auf dem Desktop abgespeichert. Die Optionen in dem Programm haben sich nicht geändert. Muss ich vorher einen Scan durchführen oder auf Search Files gehen?? Ich will deine Geduld nicht strapazieren, aber ich weiß nicht was ich falsch mache...

Ich glaube, dass ich es hinbekommen habe..

Hier das Fixlog

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Imre (2016-01-02 12:56:34) Run:1
Running from C:\Users\Imre\Desktop
Loaded Profiles: Imre & UpdatusUser (Available Profiles: Imre & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\432D46648BB2740E3F334A083E170B17432D [2015-12-30] <==== ATTENTION
Task: {00DEA9D6-20C6-4A26-9F0A-999DBC169F51} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {08587A3B-B281-462F-8FBF-CC0BDF89BEDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1064874A-9833-4123-B88A-35523B9C1165} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {148DDEA2-8EDA-4C25-8538-8A054424C3C2} - System32\Tasks\Sunrise => C:\WINDOWS\TEMP\CUpdater\s37o..exe
C:\WINDOWS\TEMP\CUpdater
Task: {1D06BC2C-9B6F-425C-A0F5-E3159C4647DD} - System32\Tasks\Video Call2 => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\bdyp.dll",#1 <==== ATTENTION
C:\Users\Imre\AppData\Local\Video Call
Task: {2EC557EF-EC10-47AC-BB23-4D6BAA8FD147} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34629B12-29E5-486E-85B4-A7A4343F4201} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {62141068-451E-450C-BD86-EB2954B73E1F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7056FB29-CF72-47EE-A11E-1B676D9F503E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7C631AD8-A9B4-4AF8-9B89-3796E25FC422} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84D4F724-F90D-44B9-A286-078AFA2739D4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {97C703A7-4DBC-4E7F-AD7E-D2E1DE934C14} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {999DB9B9-7B0F-44D6-BB79-5A5C4C93E0DE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9BF957EE-E5FF-4C8A-9F17-B4172B6B7270} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A18E9C7F-12E0-4EEF-8F9E-FB4546D865F5} - \crash_service -> No File <==== ATTENTION
Task: {B1013309-EC6F-41C3-8E37-AB1F7BF47178} - \IBUpd2 -> No File <==== ATTENTION
Task: {D48CC34D-B817-4736-9220-8BA549AF25B7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7CDD728-A539-4DD9-9207-7E514326E840} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\DataFront.job => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== ATTENTION
c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}
Task: {A6E5BA1A-A413-4E60-AAA5-66E0E654DD6B} - System32\Tasks\Video Call => Rundll32.exe "C:\Users\Imre\AppData\Local\Video Call\{1DEB4D14-D28A-014F-C7DA-C125519B84F0}\VideoCall.dll",#1 <==== ATTENTION
Task: {0823CBBB-67BB-4826-9EAD-6075A009B4E9} - System32\Tasks\DataFront => c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}\wcw vs. nwo - world tour.7z.exe <==== 
C:\Users\Public\Documents\Baidu
Folder: C:\Users\Imre\AppData\Local\Omrkics
File: C:\WINDOWS\system32\Drivers\sdfhgdf.sys
RemoveProxy:
Reboot:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Program Files (x86)\mozilla firefox\432D46648BB2740E3F334A083E170B17432D => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00DEA9D6-20C6-4A26-9F0A-999DBC169F51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00DEA9D6-20C6-4A26-9F0A-999DBC169F51}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08587A3B-B281-462F-8FBF-CC0BDF89BEDF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08587A3B-B281-462F-8FBF-CC0BDF89BEDF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1064874A-9833-4123-B88A-35523B9C1165}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1064874A-9833-4123-B88A-35523B9C1165}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{148DDEA2-8EDA-4C25-8538-8A054424C3C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{148DDEA2-8EDA-4C25-8538-8A054424C3C2}" => key removed successfully
C:\WINDOWS\System32\Tasks\Sunrise => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sunrise" => key removed successfully
C:\WINDOWS\TEMP\CUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D06BC2C-9B6F-425C-A0F5-E3159C4647DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D06BC2C-9B6F-425C-A0F5-E3159C4647DD}" => key removed successfully
C:\WINDOWS\System32\Tasks\Video Call2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video Call2" => key removed successfully
"C:\Users\Imre\AppData\Local\Video Call" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EC557EF-EC10-47AC-BB23-4D6BAA8FD147}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EC557EF-EC10-47AC-BB23-4D6BAA8FD147}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34629B12-29E5-486E-85B4-A7A4343F4201}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34629B12-29E5-486E-85B4-A7A4343F4201}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62141068-451E-450C-BD86-EB2954B73E1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62141068-451E-450C-BD86-EB2954B73E1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7056FB29-CF72-47EE-A11E-1B676D9F503E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7056FB29-CF72-47EE-A11E-1B676D9F503E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C631AD8-A9B4-4AF8-9B89-3796E25FC422}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C631AD8-A9B4-4AF8-9B89-3796E25FC422}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84D4F724-F90D-44B9-A286-078AFA2739D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84D4F724-F90D-44B9-A286-078AFA2739D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97C703A7-4DBC-4E7F-AD7E-D2E1DE934C14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97C703A7-4DBC-4E7F-AD7E-D2E1DE934C14}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{999DB9B9-7B0F-44D6-BB79-5A5C4C93E0DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{999DB9B9-7B0F-44D6-BB79-5A5C4C93E0DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BF957EE-E5FF-4C8A-9F17-B4172B6B7270}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BF957EE-E5FF-4C8A-9F17-B4172B6B7270}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A18E9C7F-12E0-4EEF-8F9E-FB4546D865F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A18E9C7F-12E0-4EEF-8F9E-FB4546D865F5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\crash_service => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1013309-EC6F-41C3-8E37-AB1F7BF47178}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1013309-EC6F-41C3-8E37-AB1F7BF47178}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D48CC34D-B817-4736-9220-8BA549AF25B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D48CC34D-B817-4736-9220-8BA549AF25B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7CDD728-A539-4DD9-9207-7E514326E840}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7CDD728-A539-4DD9-9207-7E514326E840}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\WINDOWS\Tasks\DataFront.job => moved successfully
"c:\programdata\{17500a68-0a28-ed62-1750-00a680a229a0}" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6E5BA1A-A413-4E60-AAA5-66E0E654DD6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E5BA1A-A413-4E60-AAA5-66E0E654DD6B}" => key removed successfully
C:\WINDOWS\System32\Tasks\Video Call => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video Call" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0823CBBB-67BB-4826-9EAD-6075A009B4E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0823CBBB-67BB-4826-9EAD-6075A009B4E9}" => key removed successfully
C:\WINDOWS\System32\Tasks\DataFront => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DataFront" => key removed successfully
C:\Users\Public\Documents\Baidu => moved successfully

========================= Folder: C:\Users\Imre\AppData\Local\Omrkics ========================

2015-12-30 14:20 - 2015-12-30 14:20 - 0000000 _____ () C:\Users\Imre\AppData\Local\Omrkics\{F1AA362C-0A98-F32D-AFEC-66B52AE8F00E}
2015-12-30 14:20 - 2015-12-30 14:20 - 0063508 _____ () C:\Users\Imre\AppData\Local\Omrkics\VkdevNotifier.0
2015-12-30 14:20 - 2015-12-30 14:20 - 0046592 _____ () C:\Users\Imre\AppData\Local\Omrkics\VkdevNotifier.dll

====== End of Folder: ======


========================= File: C:\WINDOWS\system32\Drivers\sdfhgdf.sys ========================

File is digitally signed
MD5: 6AF193C544CDF03BD2D2F4A8C45A85E9
Creation and modification date: 2015-12-30 14:26 - 2015-12-30 14:29
Size: 0023712
Attributes: ----A
Company Name: Corporation
Internal Name: sdfhgdf.sys
Original Name: sdfhgdf.sys
Product: Mini-Filter Driver
Description: Activity Filter
File Version: 1.00.00.0000 built by: WinDDK
Product Version: 1.00.00.0000
Copyright: Copyright (C) 2015

====== End of File: ======


========= RemoveProxy: =========

HKU\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========



The system needed a reboot.

==== End of Fixlog 12:56:38 ====
         

Ich konnte allerdings den zweiten Schritt nicht ausführen und keinen Zip Ordner vom Quarantäne Ordner erstellen. Obwohl ich den Virenschutz, in meinem Fall Defender deaktiviert habe, wird angezeigt, dass die Datei nicht vorhanden oder ich keine Leseberechtigung habe. Kann ich den Ordner so hochladen?

Alt 02.01.2016, 16:34   #12
M-K-D-B
/// TB-Ausbilder
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Servus,



FRST nochmal ausführen:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
Unlock: C:\FRST
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Jetzt solltest du Zugriff haben und eine .zip vom Quaranine-Ordner erstellen können.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 02.01.2016, 16:58   #13
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Hallo Matthias,

der Ordner ist hochgeladen. Hier das Ergebnis vom SystemLook:

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 16:56 on 02/01/2016 by Imre
Administrator - Elevation successful

========== regfind ==========

Searching for "SwiftSearch"
No data found.

Searching for "VideoCall"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppX1xc6v8wxp3svbz8hgqwrkn12rvf2xs5r\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppX1xc6v8wxp3svbz8hgqwrkn12rvf2xs5r\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppX69c8a1j9yncvz2jebamz35gnr8ajzw1a\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppX69c8a1j9yncvz2jebamz35gnr8ajzw1a\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppX8baeedgbp5w6b9pgcfry6z6r3837ra57\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppX8baeedgbp5w6b9pgcfry6z6r3837ra57\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppXjqbn1mcz1c1k21352e3m25bp3e4dn1fn\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppXjqbn1mcz1c1k21352e3m25bp3e4dn1fn\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppXmg6dxek82gvh4t1j65ev11j62b1557as\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AppXmg6dxek82gvh4t1j65ev11j62b1557as\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.AppService\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXxn983psjcksd662y1se0gwaq3fxdh96b.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX2gh66qnf13k8hd987ggawehhqpyh9faw.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX2y8c6f2bz2tae4wecy12jenhqb03xf5q.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXpjb489y363mrpj1sfytqdxp8r6dagq2r.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXtjcey7sh4wvcw7hy21b0nmp0bq18dyzd.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.PreInstalledConfigTask\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXrt7v1y091r1kb6h2w0bc5ehbv419tja5.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX1kpnxft10gkjvc8x17ckv96c46egh5mm.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX1sqv9bmzjz9x7077rbb98ngv135ydsmm.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXf1e8dc5ps33phm3x2chs7kqbamh8vr90.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXverx2qgbg0n25jzacv8bb0a7dp8trxmj.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXy3cnz33z7gfzyns3tx9ej050t089d2te.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.UpdateTask\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX252gkwh43s0kmsmjkzdj6mfsef581ce3.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-0.pri\1d12d80da4e4529\8f29c914]
"@{Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_neutral_split.scale-150_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-150.png"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-1.pri\1d12dacd34bbf3e\460ed952]
"@{Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_2.12.11012.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-2.pri\1d137fbbdb72faf\460ed952]
"@{Microsoft.Messaging_2.12.11012.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.11012.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-3.pri\1d138d67daf725f\460ed952]
"@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_CURRENT_USER\SOFTWARE\Classes\videocall-messenger]
[HKEY_CURRENT_USER\SOFTWARE\Classes\videocall-messenger]
@="URL:videocall-messenger"
[HKEY_CURRENT_USER\SOFTWARE\Classes\videocall-skype-com]
[HKEY_CURRENT_USER\SOFTWARE\Classes\videocall-skype-com]
@="URL:videocall-skype-com"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Wow6432Node\CLSID\{739654FE-8E59-36F3-C924-FF6F1EDFCF7F}]
@="601A07D4F26E866729987896DAC4C7A4 6f91010f718e08d38761cf6d5d33de65 78C0A2EFB5813E4CB5F68DD74B968D3E "Video Call" "Builder Cooking corp" "bdyp" 0 "VideoCall" 003389"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{61079DB8-E3E7-4B4F-858D-5C63A96EF684}]
@="__x_Windows_CApplicationModel_CActivation_CIContactVideoCallActivatedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61079DB8-E3E7-4B4F-858D-5C63A96EF684}]
@="__x_Windows_CApplicationModel_CActivation_CIContactVideoCallActivatedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Phone\Settings]
"VideoCallingChargesMessage"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Phone\Settings]
"VideoCallingChargesTitle"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Phone\Settings]
"VideoCallingDescription"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Phone\Settings]
"VideoCallingLabel"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Phone\Settings]
"VideoCallingChargesMessage"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Phone\Settings]
"VideoCallingChargesTitle"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Phone\Settings]
"VideoCallingDescription"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Phone\Settings]
"VideoCallingLabel"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{61079DB8-E3E7-4B4F-858D-5C63A96EF684}]
@="__x_Windows_CApplicationModel_CActivation_CIContactVideoCallActivatedEventArgs"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppX1xc6v8wxp3svbz8hgqwrkn12rvf2xs5r\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppX1xc6v8wxp3svbz8hgqwrkn12rvf2xs5r\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppX69c8a1j9yncvz2jebamz35gnr8ajzw1a\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppX69c8a1j9yncvz2jebamz35gnr8ajzw1a\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppX8baeedgbp5w6b9pgcfry6z6r3837ra57\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppX8baeedgbp5w6b9pgcfry6z6r3837ra57\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppXjqbn1mcz1c1k21352e3m25bp3e4dn1fn\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppXjqbn1mcz1c1k21352e3m25bp3e4dn1fn\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppXmg6dxek82gvh4t1j65ev11j62b1557as\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\AppXmg6dxek82gvh4t1j65ev11j62b1557as\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.AppService\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXxn983psjcksd662y1se0gwaq3fxdh96b.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX2gh66qnf13k8hd987ggawehhqpyh9faw.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX2y8c6f2bz2tae4wecy12jenhqb03xf5q.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXpjb489y363mrpj1sfytqdxp8r6dagq2r.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXtjcey7sh4wvcw7hy21b0nmp0bq18dyzd.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.PreInstalledConfigTask\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXrt7v1y091r1kb6h2w0bc5ehbv419tja5.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX1kpnxft10gkjvc8x17ckv96c46egh5mm.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX1sqv9bmzjz9x7077rbb98ngv135ydsmm.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXf1e8dc5ps33phm3x2chs7kqbamh8vr90.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXverx2qgbg0n25jzacv8bb0a7dp8trxmj.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXy3cnz33z7gfzyns3tx9ej050t089d2te.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Extensions\ContractId\Windows.UpdateTask\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX252gkwh43s0kmsmjkzdj6mfsef581ce3.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-0.pri\1d12d80da4e4529\8f29c914]
"@{Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_neutral_split.scale-150_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-150.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-1.pri\1d12dacd34bbf3e\460ed952]
"@{Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_2.12.11012.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-2.pri\1d137fbbdb72faf\460ed952]
"@{Microsoft.Messaging_2.12.11012.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.11012.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-3.pri\1d138d67daf725f\460ed952]
"@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\videocall-messenger]
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\videocall-messenger]
@="URL:videocall-messenger"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\videocall-skype-com]
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\videocall-skype-com]
@="URL:videocall-skype-com"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001\SOFTWARE\Classes\Wow6432Node\CLSID\{739654FE-8E59-36F3-C924-FF6F1EDFCF7F}]
@="601A07D4F26E866729987896DAC4C7A4 6f91010f718e08d38761cf6d5d33de65 78C0A2EFB5813E4CB5F68DD74B968D3E "Video Call" "Builder Cooking corp" "bdyp" 0 "VideoCall" 003389"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppX1xc6v8wxp3svbz8hgqwrkn12rvf2xs5r\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppX1xc6v8wxp3svbz8hgqwrkn12rvf2xs5r\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppX69c8a1j9yncvz2jebamz35gnr8ajzw1a\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppX69c8a1j9yncvz2jebamz35gnr8ajzw1a\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppX8baeedgbp5w6b9pgcfry6z6r3837ra57\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppX8baeedgbp5w6b9pgcfry6z6r3837ra57\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppXjqbn1mcz1c1k21352e3m25bp3e4dn1fn\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppXjqbn1mcz1c1k21352e3m25bp3e4dn1fn\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppXmg6dxek82gvh4t1j65ev11j62b1557as\Application]
"ApplicationIcon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\AppXmg6dxek82gvh4t1j65ev11j62b1557as\DefaultIcon]
@="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.AppService\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXxn983psjcksd662y1se0gwaq3fxdh96b.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX2gh66qnf13k8hd987ggawehhqpyh9faw.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX2y8c6f2bz2tae4wecy12jenhqb03xf5q.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXpjb489y363mrpj1sfytqdxp8r6dagq2r.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXtjcey7sh4wvcw7hy21b0nmp0bq18dyzd.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.PreInstalledConfigTask\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXrt7v1y091r1kb6h2w0bc5ehbv419tja5.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX1kpnxft10gkjvc8x17ckv96c46egh5mm.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX1sqv9bmzjz9x7077rbb98ngv135ydsmm.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXf1e8dc5ps33phm3x2chs7kqbamh8vr90.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXverx2qgbg0n25jzacv8bb0a7dp8trxmj.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppXy3cnz33z7gfzyns3tx9ej050t089d2te.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Extensions\ContractId\Windows.UpdateTask\PackageId\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\ActivatableClassId\App.AppX252gkwh43s0kmsmjkzdj6mfsef581ce3.mca]
"Icon"="@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallMedTile.png}"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-0.pri\1d12d80da4e4529\8f29c914]
"@{Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_neutral_split.scale-150_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-150.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-1.pri\1d12dacd34bbf3e\460ed952]
"@{Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_2.12.11012.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-2.pri\1d137fbbdb72faf\460ed952]
"@{Microsoft.Messaging_2.12.11012.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.11012.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-5-21-253609680-664229831-636946120-1001-MergedResources-3.pri\1d138d67daf725f\460ed952]
"@{Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Files/SkypeApp/Assets/SkypeVideoCallAppList.png}"="C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_neutral_split.scale-100_8wekyb3d8bbwe\SkypeApp\Assets\SkypeVideoCallAppList.scale-100.png"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\videocall-messenger]
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\videocall-messenger]
@="URL:videocall-messenger"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\videocall-skype-com]
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\videocall-skype-com]
@="URL:videocall-skype-com"
[HKEY_USERS\S-1-5-21-253609680-664229831-636946120-1001_Classes\Wow6432Node\CLSID\{739654FE-8E59-36F3-C924-FF6F1EDFCF7F}]
@="601A07D4F26E866729987896DAC4C7A4 6f91010f718e08d38761cf6d5d33de65 78C0A2EFB5813E4CB5F68DD74B968D3E "Video Call" "Builder Cooking corp" "bdyp" 0 "VideoCall" 003389"

Searching for "DataFront"
No data found.

-= EOF =-
         

Alt 02.01.2016, 17:05   #14
akakesios
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



und die FRST Files


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Imre (administrator) on LENOVO-G710 (02-01-2016 17:02:22)
Running from C:\Users\Imre\Desktop
Loaded Profiles: Imre & UpdatusUser (Available Profiles: Imre & UpdatusUser)
Platform: Windows 10 Pro Version 1511 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.54020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-09-03] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-12] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1856184 2015-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27888296 2015-11-18] (Microsoft Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-253609680-664229831-636946120-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8a330995-3d46-434b-845d-143a4014b084}: [NameServer] 134.95.127.1,134.95.9.74
Tcpip\..\Interfaces\{e4711dd0-76b8-4f0d-9a42-dbf93871a84c}: [DhcpNameServer] 80.69.100.108 80.69.100.204

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-253609680-664229831-636946120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpngate.uni-koeln.de/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Imre\AppData\Roaming\Mozilla\Firefox\Profiles\civ9thwh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-09-13] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-12] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-16] (Disc Soft Ltd)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-04] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8874712 2013-09-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
R3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 17:02 - 2016-01-02 17:02 - 00016641 _____ C:\Users\Imre\Desktop\FRST.txt
2016-01-02 16:39 - 2016-01-02 16:40 - 00000000 ____D C:\Users\Imre\Desktop\Mündliche Prüfung
2016-01-02 16:39 - 2016-01-02 16:38 - 02910188 _____ C:\Users\Imre\Desktop\Thomas Szanto - Bewusstsein, Intentionalität und mentale Repräsentation.pdf
2016-01-02 16:25 - 2016-01-02 16:25 - 00000000 ____D C:\Users\Imre\Desktop\Hörspiele
2016-01-02 13:10 - 2016-01-02 13:10 - 00165376 _____ C:\Users\Imre\Desktop\SystemLook_x64.exe
2016-01-02 12:56 - 2016-01-02 16:53 - 00000441 _____ C:\Users\Imre\Desktop\Fixlog.txt
2016-01-01 15:51 - 2016-01-01 15:51 - 11454792 _____ (Gillmeister Software ) C:\Users\Imre\Desktop\rename_expert-setup.exe
2016-01-01 15:28 - 2016-01-01 15:28 - 00001167 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-01-01 15:09 - 2016-01-01 15:09 - 01599336 _____ (Malwarebytes) C:\Users\Imre\Desktop\JRT.exe
2016-01-01 15:06 - 2016-01-01 15:06 - 01745920 _____ C:\Users\Imre\Desktop\AdwCleaner_5.027.exe
2016-01-01 14:30 - 2016-01-02 17:02 - 00000000 ____D C:\FRST
2016-01-01 14:29 - 2016-01-01 14:29 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Imre\Desktop\tdsskiller.exe
2016-01-01 14:28 - 2016-01-01 14:28 - 02370560 _____ (Farbar) C:\Users\Imre\Desktop\FRST64.exe
2015-12-31 18:17 - 2016-01-01 15:24 - 00000000 ____D C:\AdwCleaner
2015-12-30 14:38 - 2015-12-30 14:38 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-30 14:38 - 2015-12-30 14:38 - 00000000 ____D C:\Program Files\CCleaner
2015-12-30 14:26 - 2015-12-30 14:29 - 00023712 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2015-12-30 14:26 - 2015-12-30 14:26 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2015-12-30 14:24 - 2015-12-30 14:23 - 00001886 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-30 14:20 - 2015-12-30 14:42 - 00000000 ____D C:\Users\Imre\AppData\Local\Omrkics
2015-12-30 14:16 - 2015-12-30 20:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2015-12-29 14:06 - 2015-12-29 14:06 - 00026058 _____ C:\Users\Imre\Desktop\Schreiben Vermieter.pdf
2015-12-29 13:12 - 2015-12-30 14:48 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-18 16:24 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 16:24 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 16:24 - 2015-12-07 05:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 16:24 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 16:24 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 16:24 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 16:24 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 16:24 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 16:24 - 2015-12-07 05:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 16:24 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 16:24 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 16:24 - 2015-12-07 05:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 16:24 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 16:24 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 16:24 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 16:24 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 16:24 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 16:24 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 16:24 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 16:24 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 16:24 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 16:24 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 16:24 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 16:24 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 16:24 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 16:24 - 2015-12-07 04:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 16:24 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 16:24 - 2015-12-07 04:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 16:24 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 16:24 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 16:24 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 16:24 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 16:24 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 16:23 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 16:23 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 16:23 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 16:23 - 2015-12-07 05:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 16:23 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 16:23 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 16:23 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 16:23 - 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 16:23 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 16:23 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 16:23 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 16:23 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 16:23 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 16:23 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 16:23 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 16:23 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 16:23 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 16:23 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 16:23 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 16:23 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 16:23 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 16:23 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 16:23 - 2015-12-07 04:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 16:23 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 16:23 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 16:23 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 16:23 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 16:23 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 16:23 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 16:23 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-15 23:06 - 2015-12-15 23:06 - 00000000 ____D C:\Users\Imre\AppData\Roaming\IDT
2015-12-15 22:59 - 2015-12-15 22:59 - 00000000 ____D C:\Users\Imre\AppData\Local\ElevatedDiagnostics
2015-12-15 21:03 - 2016-01-02 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-12 14:25 - 2015-12-12 14:38 - 00000000 ____D C:\Users\Imre\Desktop\Bloch Wörterbuch
2015-12-09 22:48 - 2015-12-09 22:48 - 00899384 _____ C:\Users\Imre\Desktop\[Dan_Zahavi]_The_Oxford_Handbook_of_Contemporary_P(BookZZ.org).zip
2015-12-08 20:19 - 2015-12-31 19:03 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-12-08 19:42 - 2015-12-08 19:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-08 19:30 - 2015-12-01 08:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 19:30 - 2015-11-24 13:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 19:30 - 2015-11-24 12:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 19:30 - 2015-11-24 11:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 19:30 - 2015-11-24 11:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-08 19:30 - 2015-11-24 10:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-08 19:30 - 2015-11-24 10:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 19:30 - 2015-11-24 10:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-08 19:30 - 2015-11-24 10:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 19:30 - 2015-11-24 10:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 19:30 - 2015-11-24 10:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 19:30 - 2015-11-24 10:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 19:30 - 2015-11-24 09:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 19:30 - 2015-11-24 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 19:30 - 2015-11-24 09:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-08 19:30 - 2015-11-24 09:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 19:30 - 2015-11-24 09:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 19:30 - 2015-11-24 09:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 19:30 - 2015-11-24 09:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 19:30 - 2015-11-24 08:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 19:30 - 2015-11-24 08:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 19:30 - 2015-11-24 08:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 19:30 - 2015-11-24 08:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 19:30 - 2015-11-24 08:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 19:30 - 2015-11-24 08:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 19:30 - 2015-11-24 08:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 19:30 - 2015-11-24 08:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-03 14:01 - 2015-11-22 11:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 14:01 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 14:01 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 14:01 - 2015-11-22 11:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 14:01 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 14:01 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 14:01 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 14:01 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 14:01 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 14:01 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 14:01 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 14:01 - 2015-11-22 11:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 14:01 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 14:01 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 14:01 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 14:01 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 14:01 - 2015-11-22 10:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 14:01 - 2015-11-22 10:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 14:01 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 14:01 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 14:01 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 14:01 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 14:01 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 14:01 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 14:01 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 14:01 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 14:01 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 14:01 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 14:01 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 14:01 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 14:01 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 14:01 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 14:01 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 14:01 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 14:01 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 14:01 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 14:01 - 2015-11-22 10:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 14:01 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 14:01 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 14:01 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 14:01 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 14:01 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 14:01 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 14:01 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 14:00 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 14:00 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 14:00 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 14:00 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 14:00 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 14:00 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-03 14:00 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 14:00 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 14:00 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-03 14:00 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 14:00 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 14:00 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 14:00 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-03 14:00 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-03 14:00 - 2015-11-22 10:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 14:00 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 14:00 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 14:00 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 14:00 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 14:00 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-03 14:00 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-03 14:00 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-03 14:00 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-03 14:00 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-03 14:00 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-03 14:00 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-03 14:00 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 14:00 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 14:00 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-03 14:00 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-03 14:00 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 14:00 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-03 14:00 - 2015-11-22 10:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 14:00 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-03 14:00 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-03 14:00 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-03 13:12 - 2015-12-30 14:48 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-03 13:08 - 2015-12-03 13:08 - 00000000 ____D C:\Windows.old
2015-12-03 13:07 - 2015-12-03 13:07 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-03 13:07 - 2015-12-03 13:07 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-03 13:07 - 2015-12-03 13:07 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-03 13:07 - 2015-12-03 13:07 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-03 13:07 - 2015-12-03 13:07 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-03 13:07 - 2015-12-03 13:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-03 13:04 - 2016-01-02 14:50 - 00775644 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-03 13:04 - 2016-01-02 14:50 - 00155748 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-03 13:04 - 2015-12-03 13:03 - 00305634 _____ C:\WINDOWS\system32\perfi007.dat
2015-12-03 13:04 - 2015-12-03 13:03 - 00040390 _____ C:\WINDOWS\system32\perfd007.dat
2015-12-03 13:04 - 2015-10-30 04:43 - 12039680 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll
2015-12-03 13:04 - 2015-10-30 04:43 - 11602944 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll
2015-12-03 13:04 - 2015-10-30 04:41 - 12039680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll
2015-12-03 13:04 - 2015-10-30 04:28 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll
2015-12-03 13:04 - 2015-10-30 04:26 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2015-12-03 13:03 - 2015-12-03 13:03 - 00000000 ____D C:\WINDOWS\system32\de
2015-12-03 12:54 - 2015-12-03 12:54 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files\MSBuild
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-03 12:51 - 2015-12-03 12:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-03 12:50 - 2015-10-24 02:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-03 12:50 - 2015-10-24 02:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-03 12:50 - 2015-10-24 02:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-03 12:50 - 2015-10-24 02:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-03 12:36 - 2015-12-03 12:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2015-12-03 11:03 - 2015-12-03 11:03 - 00313120 _____ C:\Users\Imre\Desktop\Masterarbeit.pdf
2015-12-03 04:55 - 2015-12-03 04:55 - 00000000 ____D C:\Users\Imre\AppData\Local\ActiveSync
2015-12-03 04:52 - 2015-12-03 04:52 - 00000020 ___SH C:\Users\Imre\ntuser.ini
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-03 04:51 - 2015-12-03 04:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-03 04:44 - 2016-01-02 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-03 04:39 - 2015-12-03 04:39 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-12-03 04:33 - 2015-12-30 20:47 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-03 04:33 - 2015-12-03 04:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-03 04:33 - 2015-12-03 04:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-03 04:29 - 2015-12-03 04:34 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-03 04:26 - 2016-01-02 14:47 - 00000000 ____D C:\Users\UpdatusUser
2015-12-03 04:26 - 2015-12-31 18:11 - 00000000 ____D C:\Users\Imre
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\My Documents
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Videos
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Pictures
2015-12-03 04:26 - 2015-12-03 04:26 - 00000000 _SHDL C:\Users\Imre\Documents\My Music
2015-12-03 04:22 - 2015-12-03 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-03 04:22 - 2015-07-23 02:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-03 04:22 - 2015-07-23 02:10 - 00579912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-03 04:22 - 2015-07-22 05:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-03 04:21 - 2016-01-02 14:45 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-03 04:21 - 2015-12-03 04:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-03 04:21 - 2015-12-03 04:21 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-12-03 04:21 - 2015-12-03 04:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-12-03 04:21 - 2015-12-03 04:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-03 04:21 - 2015-07-17 22:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-03 04:20 - 2015-12-03 04:29 - 00000000 ____D C:\Program Files\Intel
2015-12-03 04:20 - 2015-12-03 04:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-03 04:20 - 2015-12-03 04:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-12-03 04:19 - 2015-12-03 04:19 - 00000000 ____D C:\Program Files\Synaptics
2015-12-03 04:18 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-03 04:14 - 2015-12-30 14:51 - 04957184 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 16:50 - 2015-11-15 00:09 - 00000000 ____D C:\Users\Imre\Desktop\Husserls Einstellungsbegriff
2016-01-02 16:37 - 2015-10-06 21:28 - 00000000 ____D C:\Users\Imre\Desktop\Tusculum
2016-01-02 16:29 - 2015-08-16 00:33 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-02 16:29 - 2015-07-23 15:04 - 00000000 ___RD C:\Users\Imre\Desktop\Uni Köln
2016-01-02 16:29 - 2015-07-23 12:39 - 00000000 ___RD C:\Users\Imre\Desktop\Dokumente
2016-01-02 16:22 - 2015-07-23 15:15 - 00000000 ___RD C:\Users\Imre\Desktop\Fachliteratur
2016-01-02 16:21 - 2015-10-16 23:35 - 00000000 ____D C:\Users\Imre\Desktop\Klassiker auslegen
2016-01-02 16:08 - 2015-07-24 09:32 - 00000000 ____D C:\Users\Imre\AppData\Local\ClassicShell
2016-01-02 14:50 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-02 14:50 - 2015-08-16 21:52 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-02 14:45 - 2015-07-24 01:12 - 00000000 __SHD C:\Users\Imre\IntelGraphicsProfiles
2016-01-02 12:56 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-02 12:51 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-02 12:42 - 2015-07-24 01:29 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F7F6C12-9793-4221-8796-83E53881D2F5}
2016-01-01 22:53 - 2015-07-23 15:46 - 00000000 ___RD C:\Users\Imre\Desktop\De Gruyter Studienbuch
2016-01-01 22:35 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-01 15:28 - 2015-08-09 14:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-01 15:28 - 2015-08-09 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-01-01 15:28 - 2015-08-09 14:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-31 18:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-30 20:55 - 2015-07-24 16:21 - 00000000 ____D C:\Users\Imre\AppData\Roaming\vlc
2015-12-30 20:47 - 2015-11-15 16:04 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-12-30 20:47 - 2015-11-15 16:03 - 00001264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-12-30 20:47 - 2015-11-15 16:02 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-12-30 20:47 - 2015-11-15 16:01 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:59 - 00001580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:59 - 00001410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-12-30 20:47 - 2015-11-15 15:56 - 00001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-12-30 20:47 - 2015-11-10 16:05 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2015-12-30 20:47 - 2015-09-17 10:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-12-30 20:47 - 2015-09-17 10:54 - 00002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-12-30 20:47 - 2015-07-24 09:32 - 00002248 _____ C:\Users\Imre\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-12-30 20:45 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-30 14:49 - 2015-11-27 17:24 - 00000000 ____D C:\Users\Imre\AppData\Roaming\BitTorrent
2015-12-30 14:46 - 2015-08-16 00:10 - 00000000 ____D C:\Users\Imre\.mediathek3
2015-12-30 14:38 - 2015-07-24 01:02 - 00000000 ____D C:\Users\Imre\AppData\Local\Packages
2015-12-30 14:37 - 2015-07-24 15:37 - 00001034 _____ C:\Users\UpdatusUser\Desktop\Digitale Bibliothek 5.lnk
2015-12-30 14:29 - 2015-07-24 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-30 14:01 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-29 14:13 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-27 22:10 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-27 22:10 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-22 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-15 23:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-15 22:54 - 2015-09-12 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-15 08:23 - 2015-08-16 22:13 - 00000000 ___RD C:\Users\Imre\3D Objects
2015-12-14 08:28 - 2015-08-16 22:02 - 00000000 ___RD C:\Users\Imre\OneDrive
2015-12-12 13:13 - 2015-10-30 10:03 - 00000000 ____D C:\WINDOWS\OCR
2015-12-12 01:04 - 2015-11-27 19:20 - 00000000 ____D C:\Users\Imre\Desktop\epub
2015-12-11 22:32 - 2015-10-07 21:36 - 00000000 ____D C:\Users\Imre\Desktop\Zeitschrift für philosophische Forschung
2015-12-11 14:37 - 2015-11-30 17:36 - 00000000 ____D C:\Users\Imre\Desktop\Phänomenologische Forschungen
2015-12-11 00:35 - 2015-07-24 16:54 - 00000000 ____D C:\Users\Imre\.Zettelkasten
2015-12-09 20:29 - 2015-08-16 00:33 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-09 04:39 - 2015-07-24 01:44 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 21:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-08 20:20 - 2015-07-24 14:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-08 20:20 - 2015-07-24 01:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 20:19 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-12-08 20:15 - 2015-07-24 01:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 20:14 - 2015-07-24 01:23 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 19:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-04 15:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-04 08:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-03 13:59 - 2015-08-16 00:11 - 00000000 ____D C:\Users\Imre\MediathekView
2015-12-03 13:30 - 2015-08-16 22:02 - 00000000 ____D C:\Users\Imre\AppData\Local\Comms
2015-12-03 13:12 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-03 13:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-03 13:07 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-03 13:03 - 2015-10-30 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-12-03 13:03 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Com
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-12-03 13:03 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-12-03 13:03 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\servicing
2015-12-03 05:11 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-03 04:53 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-03 04:53 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-03 04:51 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-03 04:50 - 2015-08-16 20:43 - 00026673 _____ C:\WINDOWS\diagwrn.xml
2015-12-03 04:50 - 2015-08-16 20:43 - 00026673 _____ C:\WINDOWS\diagerr.xml
2015-12-03 04:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-03 04:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-03 04:45 - 2015-09-13 18:08 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-03 04:45 - 2015-08-16 21:59 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-03 04:45 - 2015-07-24 01:09 - 00002934 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-253609680-664229831-636946120-1001
2015-12-03 04:41 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-03 04:39 - 2015-07-24 16:18 - 01827030 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-03 04:34 - 2015-11-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-12-03 04:34 - 2015-11-23 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuro-Programmer 3
2015-12-03 04:34 - 2015-10-30 10:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-03 04:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-03 04:34 - 2015-09-13 17:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-03 04:34 - 2015-08-16 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-12-03 04:34 - 2015-07-24 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-03 04:34 - 2015-07-24 16:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-03 04:34 - 2015-07-24 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-03 04:34 - 2015-07-24 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digitale Bibliothek 5
2015-12-03 04:34 - 2015-07-24 15:08 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-12-03 04:34 - 2015-07-24 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-12-03 04:33 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-03 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-03 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-03 04:31 - 2015-07-24 16:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-12-03 04:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-03 04:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-03 04:30 - 2015-07-24 11:13 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-12-03 04:29 - 2015-11-10 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-03 04:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-03 04:29 - 2015-09-14 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2015-12-03 04:29 - 2015-09-09 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-12-03 04:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-03 04:25 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-03 04:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-03 04:14 - 2015-10-30 10:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-03 03:34 - 2015-07-24 10:52 - 00008192 __RSH C:\BOOTSECT.BAK
2015-12-03 03:30 - 2015-10-30 10:42 - 00000000 ___HD C:\$WINDOWS.~BT

==================== Files in the root of some directories =======

2015-07-24 15:08 - 2015-07-24 15:08 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Imre\AppData\Local\Temp\DDLHZGAE.exe
C:\Users\Imre\AppData\Local\Temp\sqlite3.dll
C:\Users\Imre\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-31 18:52

==================== End of FRST.txt ============================
         
--- --- ---




[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Imre (2016-01-02 17:03:08)
Running from C:\Users\Imre\Desktop
Windows 10 Pro (X64) (2015-12-03 03:52:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-253609680-664229831-636946120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-253609680-664229831-636946120-503 - Limited - Disabled)
Guest (S-1-5-21-253609680-664229831-636946120-501 - Limited - Disabled)
Imre (S-1-5-21-253609680-664229831-636946120-1001 - Administrator - Enabled) => C:\Users\Imre
UpdatusUser (S-1-5-21-253609680-664229831-636946120-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
BitTorrent (HKU\S-1-5-21-253609680-664229831-636946120-1001\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
calibre 64bit (HKLM\...\{54EFBCD2-A4FB-4C37-A720-9A8195EFC7B4}) (Version: 2.45.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Digitale Bibliothek 5 (HKLM-x32\...\Digitale Bibliothek 5) (Version:  - )
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10245 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Nero 11 v11.2.4.100 (x64) (HKLM\...\Nero 11 v11.2.4.100 (x64)11.2.4.100) (Version: 11.2.4.100 - Friends in War)
Neuro-Programmer 3.3.1 (HKLM-x32\...\Neuro-Programmer 3_is1) (Version:  - Transparent Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-253609680-664229831-636946120-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Imre\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {186C4F96-BCA5-45CD-B04B-0DC29C1CCBD9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {1B3341E4-54FE-47F6-AFC1-6C219695C6ED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5764B183-AA5D-4C32-B20A-B7FA940E6750} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {944EC87C-BFB0-4159-935C-0D7CD9320BD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {9C0C1A11-F24A-4B95-8B34-AF4F2CA4048B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A3880DBE-2741-4C96-A495-D0E52E503E5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {F1D4B828-0A02-4D6F-B391-8A75D263D78B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 04:22 - 2015-07-23 02:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-03 14:01 - 2015-11-22 11:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-18 16:23 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 16:23 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 16:24 - 2015-12-07 04:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 16:24 - 2015-12-07 04:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 16:24 - 2015-12-07 04:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 16:24 - 2015-12-07 04:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-08 20:25 - 2015-12-08 20:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-22 00:19 - 2015-02-22 00:19 - 20979200 _____ () C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe
2015-12-31 18:23 - 2015-12-31 18:23 - 03682816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.54020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-10 15:51 - 2015-12-10 15:52 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 15:51 - 2015-12-10 15:52 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 13:28 - 2015-11-20 13:28 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 15:22 - 2015-12-17 15:23 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-03-17 00:34 - 2015-03-17 00:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\de_de\acrotray.deu

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289c87f-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289c880-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289ca6b-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6289ca6c-ae25-11e5-8292-20256487a424}
AlternateDataStreams: C:\ProgramData\TEMP:157E1AD3

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-253609680-664229831-636946120-1001\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-12-30 14:23 - 00001886 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm-prd-da1.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate-da1.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 uds.licenses.adobe.com
127.0.0.1 licenses.adobe.com
127.0.0.1 license.adobe.com
127.0.0.1 helpexamples.com
127.0.0.1 activate-sea.adobe.com  
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.adobe.com  
127.0.0.1 activate.wip3.adobe.com  
127.0.0.1 wip3.adobe.com  
127.0.0.1 ereg.wip3.adobe.com  
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 bild.de
127.0.0.1 www.bild.de
127.0.0.1 www.express.de
127.0.0.1 express.de
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com

There are 1 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-253609680-664229831-636946120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imre\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows 8.png
HKU\S-1-5-21-253609680-664229831-636946120-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 134.95.127.1 - 134.95.9.74
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-253609680-664229831-636946120-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8D4E7D3F-05DD-4E72-82E2-9AB888D95DF7}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E8E684B2-3F54-4BFF-B7E3-5F68FB3A23DB}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FEFBD5C7-9158-49BA-B5C6-B96A547E668C}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{09F494C0-0C80-4C54-91F3-CB9EC1038AF1}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5E13F8A6-6651-4244-B49D-D60B74281DFA}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E3203284-7FC1-4CA1-9A45-1D10CD6DD051}] => (Allow) C:\Users\Imre\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{5162E3C3-82F3-4C28-AD34-8A650ADC1FDE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{14DEBD76-4677-42CC-A290-EE342B7440F1}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{C8719EC4-11FA-470D-9048-CA0F956A5CAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36F7EDBC-9FD3-4FE7-B257-2502042DC8DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D77488F8-6FF2-4856-9DE6-774A3A38812C}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{F873506A-477B-4025-AAD5-061AE3A27D46}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{C5E16228-5EFC-4313-AC67-212D9A363BD6}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{A74A5CA6-053B-47DD-9186-94605A9F25A1}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{FA470FA1-30BB-4B01-8545-99847B8AE539}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0B97454-4D39-46F3-8917-71C7F33144BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D1F0B3E2-E728-4A09-81A8-FE3ABC5E3D8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29EB162D-CA76-496A-91DC-1D3A49BC0746}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{110267F7-B12F-4D70-9FDA-F317C8CC7406}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{61B2B2A9-B4B1-4018-B3AB-4B48FF694695}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6BBE8B66-8029-4ED3-B96E-52F1FC9B78B3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E35EB8AB-5ACD-41EB-BE8F-61919F4EDF48}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8FCE982D-4992-4C49-AE13-75F68F256EEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{17314852-0735-4947-BA6A-E2785055737B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

==================== Restore Points =========================

21-12-2015 15:35:05 Windows Update
30-12-2015 14:00:37 Windows Update
31-12-2015 18:26:23 JRT Pre-Junkware Removal
01-01-2016 15:36:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2016 03:36:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/01/2016 02:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: edgehtml.dll, Version: 11.0.10586.20, Zeitstempel: 0x56541351
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000003dcb07
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (12/31/2015 06:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0x1f3c
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3
Vollständiger Name des fehlerhaften Pakets: RootkitRevealer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RootkitRevealer.exe5

Error: (12/31/2015 06:56:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DiskView64.exe, Version: 2.40.0.0, Zeitstempel: 0x4baa7c46
Name des fehlerhaften Moduls: DiskView64.exe, Version: 2.40.0.0, Zeitstempel: 0x4baa7c46
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000001507
ID des fehlerhaften Prozesses: 0x1c60
Startzeit der fehlerhaften Anwendung: 0xDiskView64.exe0
Pfad der fehlerhaften Anwendung: DiskView64.exe1
Pfad des fehlerhaften Moduls: DiskView64.exe2
Berichtskennung: DiskView64.exe3
Vollständiger Name des fehlerhaften Pakets: DiskView64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DiskView64.exe5

Error: (12/31/2015 06:26:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/31/2015 06:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkypeHost.exe, Version: 10.1.0.2123, Zeitstempel: 0x566f6bfe
Name des fehlerhaften Moduls: SkyWrap.dll, Version: 10.1.0.2123, Zeitstempel: 0x566f6bdd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002081c8
ID des fehlerhaften Prozesses: 0x1094
Startzeit der fehlerhaften Anwendung: 0xSkypeHost.exe0
Pfad der fehlerhaften Anwendung: SkypeHost.exe1
Pfad des fehlerhaften Moduls: SkypeHost.exe2
Berichtskennung: SkypeHost.exe3
Vollständiger Name des fehlerhaften Pakets: SkypeHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkypeHost.exe5

Error: (12/30/2015 09:16:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.10586.20 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1564

Startzeit: 01d1433ca62e8922

Beendigungszeit: 19

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID: 32cebfeb-af32-11e5-8294-20256487a424

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (12/30/2015 08:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.2.1.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: libqt4_plugin.dll, Version: 2.2.1.0, Zeitstempel: 0xa2d0a2c0
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000076310b
ID des fehlerhaften Prozesses: 0x1bd4
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (12/30/2015 02:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.9.10586.0, Zeitstempel: 0x5632d908
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.10586.0, Zeitstempel: 0x5632d79e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005d5b8
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xMsMpEng.exe0
Pfad der fehlerhaften Anwendung: MsMpEng.exe1
Pfad des fehlerhaften Moduls: MsMpEng.exe2
Berichtskennung: MsMpEng.exe3
Vollständiger Name des fehlerhaften Pakets: MsMpEng.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsMpEng.exe5

Error: (12/30/2015 02:25:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: edgehtml.dll, Version: 11.0.10586.20, Zeitstempel: 0x56541351
Ausnahmecode: 0x8000ffff
Fehleroffset: 0x000000000049b7aa
ID des fehlerhaften Prozesses: 0xd90
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5


System errors:
=============
Error: (01/02/2016 02:45:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎1/‎2/‎2016 um 2:30:48 PM unerwartet heruntergefahren.

Error: (01/02/2016 12:56:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_f506fb" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/02/2016 12:56:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_f506fb" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/02/2016 12:56:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_f506fb" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/02/2016 12:56:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_f506fb" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (01/02/2016 12:56:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/02/2016 12:56:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (01/02/2016 12:56:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/02/2016 12:56:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Error: (01/02/2016 12:56:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-01-02 16:44:53.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-02 16:44:53.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-01 13:29:43.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-01 13:29:43.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:53:20.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:53:20.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:34:16.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-31 18:34:16.540
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 20:49:44.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-30 15:10:27.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 8116.36 MB
Available physical RAM: 5495.71 MB
Total Virtual: 9396.36 MB
Available Virtual: 6800.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.32 GB) (Free:266.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:465.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---

Alt 02.01.2016, 19:44   #15
M-K-D-B
/// TB-Ausbilder
 
Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Standard

Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden



Servus,



danke für den Upload.

Kommen die Fehlermeldungen immer noch?




Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    ATTFilter
    C:\WINDOWS\system32\Drivers\sdfhgdf.sys
             
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Antwort

Themen zu Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden
.dll, arten, beim starten, dll, eingefangen, erhalte, fehlermeldungen, gefangen, gefunde, gen, glaube, hochfahren, hoffe, modul, nicht, nicht gefunden, problem, run dll, starte, starten, troja, trojaner-board



Ähnliche Themen: Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden


  1. Fehlermeldung beim booten. RunDLL Problem beim starten von ... Das angegebene Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 31.05.2016 (23)
  2. Problem beim starten von C:\.... .dll. Das angegebene Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 10.12.2015 (28)
  3. RunDLL Problem beim Starten von C:\ Program Files (x86) \ Home Tab \ TBUpdater.dll Das angegebene Modul wurde nicht gefunden. (Windows 7)
    Log-Analyse und Auswertung - 30.01.2015 (7)
  4. Windows 7 64 Bit Trojaner! Problem beim Starten von: wgsdgsdgdsgsd.exe Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 24.03.2014 (16)
  5. RunDLL Problem beim starten von C:\ Program Files (x86) \ Home Tab \ TBUpdater.dll Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 11.03.2014 (13)
  6. RunDLL Problem beim starten von C:\ProgrammFiles\HomeTab\TBUpdater.dll Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (7)
  7. Fehlermeldung: "Problem beim Starten von: wgsdgsdgdsgsd.dll Das angegebene Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 20.01.2014 (16)
  8. 2x | Fehlermeldung: "Problem beim Starten von: wgsdgsdgdsgsd.dll Das angegebene Modul wurde nicht gefunden.
    Mülltonne - 11.01.2014 (3)
  9. RunDLL Problem beim Starten von C:\Program Files(x86)\Home Tab\TBUpdater.dll Das angegebene Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 10.11.2013 (7)
  10. Fehlermeldung beim booten. RunDLL Problem beim starten von C:\ProgrammFiles\HomeTab\TBUpdater.dll Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.11.2013 (21)
  11. Fehlermeldung: RunDLL - Problem beim Starten von C:\Users\a.....\AppData\Local\Temp\ch810.exe Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 05.10.2013 (10)
  12. Fehlermeldung: RunDLL - Problem beim Starten von C:\Users\C..\AppData\...\enhancedNT.dll Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 02.10.2013 (6)
  13. RunDLL Problem beim starten von C:\ Program Files (x86) \ Home Tab \ TBUpdater.dll Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 01.10.2013 (9)
  14. Fehlermeldung: RunDLL Problem beim starten von C:\ Program Files (x86) \ Home Tab \ TBUpdater.dll Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.09.2013 (7)
  15. RunDLL Das angebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (5)
  16. Fehlermeldung: "Problem beim Starten von: wgsdgsdgdsgsd.dll Das angegebene Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (7)
  17. Problem beim starten von fest0r_ot.exe Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.07.2012 (15)

Zum Thema Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden - Hallo Trojaner-Board, ich glaube mir was eingefangen zu haben. Nach dem Hochfahren erhalte ich zwei ähnliche Fehlermeldungen, die Run DLL betreffen: Problem beim Starten von VideoCall.dll und bdyp.dll - Das - Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden...
Archiv
Du betrachtest: Problem beim Starten von .dll - Das angebene Modul wurde nicht gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.