MOZILLA ÖFFNET SELBSTÄNDIG WERBESEITE(n) am liebsten "ads01-atmgroup.rhcloud.com"

manu1909 · 11.05.2016, 14:08

Liebe PC-Retter,

ich habe mir gestern das Converter-Programm "Super" heruntergeladen und installiert.
Wegen der Warnungen vor Malware habe ich genau aufgepasst, was ich anklicke.
Trotzdem haben ich mir vermutlich etwas eingefangen. Mozilla öffnet automatisch in gewissen Zeitabständen Werbeseiten, vorzugsweise "https://www.google.de/#q=ads01-atmgroup.rhcloud.com"
Ich habe meinen PC bereits checken lassen von Malwarebytes, Avira Systemscanner, Adware-Cleaner, Trojan-Hunter und Eset. Ausgenommen ESET haben alle anderen nichts gefunden.
Ich habe hier noch Logdateien von Farbar und DDS.
(Ich hab vergessen wie man sie postet.)

Ich bitte Euch um Hilfe.

Vielen Dank im Voraus

Manu

cosinus · 11.05.2016, 16:31

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

manu1909 · 11.05.2016, 17:21

Hallo Cosinus,

vielen Dank, dass Du Dich um mich kümmerst:-)
Malwarebytes, Adware-Cleaner und alle anderen Scanner haben ja nichts gefunden. Daher habe ich auch keine Logdateien.
ESET hat seine Funde gleich gelöscht.
Spätestens nach einer viertel Stunde habe ich ein neues Mozilla-Tab offen mit Werbung.

Hier aber erst mal die Log-Dateien. Zuerst von DDSDDS Logfile:

Code:

ATTFilter

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.10586.20
Run by Kathrin at 12:32:31 on 2016-05-11
Microsoft Windows 10 Home  10.0.10586.0.1252.49.1031.18.16297.13720 [GMT 2:00]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\SysWOW64\timeout.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Kathrin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\splwow64.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe
C:\WINDOWS\system32\fontdrvhost.exe
svchost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Users\Kathrin\AppData\Local\Temp\~nsuA.tmp\Au_.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uLocal Page = %11%\blank.htm
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [OneDrive] "C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [BingSvc] C:\Users\Kathrin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
uRun: [lstrmn] rundll32.exe "C:\Users\Kathrin\AppData\Local\lstrmn.dll",lstrmn
uRunOnce: [Uninstall C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
mRun: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
mRun: [PE2CKFNT SE] C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
mRun: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRunOnce: [AdBlock] "AdBlock.exe"
mRunOnce: [systwin] "systwin.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ERINNE~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\PHOTOE~1.LNK - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\REALTI~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{792f63f7-9151-471c-8bd0-abcb5295e54b} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{792f63f7-9151-471c-8bd0-abcb5295e54b}\64259445A51224F68702733333030235C4 : DHCPNameServer = 192.168.178.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [DAX2_APP] C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [IDSCCOMBW4] "C:\Program Files (x86)\EasyHotspot\idsccom_BW4.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\8eidfwps.default-1462958608074\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\WINDOWS\System32\drivers\NBVol.sys [2016-4-8 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\WINDOWS\System32\drivers\NBVolUp.sys [2016-4-8 15920]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime – Sicherer Dienst;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2016-4-7 35488]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2016-4-7 466504]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2016-4-7 466504]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2016-4-7 128664]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-3-30 272304]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2016-4-7 68936]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2015-8-31 2860760]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DAX2API;Dolby DAX2 API Service;C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [2015-9-15 176640]
R2 DiagTrack;Benutzererfahrung und Telemetrie im verbundenen Modus;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-1-29 1163200]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-9-7 350312]
R2 IntelSSTSvc;Intel SST Parameter Service;C:\WINDOWS\System32\IntelSSTAPO\ParameterService\ParameterService.exe [2015-9-3 25928]
R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-8-7 207648]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-1-29 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-1-29 2521024]
R2 storqosflt;QoS-Filter für Speicher – Treiber;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Kacheldaten-Modellserver;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;Benutzer-Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 AppXSvc;AppX-Bereitstellungsdienst (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2015-8-31 592464]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-4-17 245760]
R3 ClipSVC;Clientlizenzdienst (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
R3 IntcAudioBus;Intel(R) Smart Sound Technologie-Bus;C:\WINDOWS\System32\drivers\IntcAudioBus.sys [2016-1-29 188200]
R3 IntcDAud;Intel(R) Display-Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-9-7 789768]
R3 IntcDMic;Intel® Smart Sound Technologie;C:\WINDOWS\System32\drivers\IntcDMic.sys [2016-1-29 585024]
R3 IntcOED;Intel(R) Smart Sound Technologie-OED;C:\WINDOWS\System32\drivers\IntcOED.sys [2016-1-29 580904]
R3 LMDriver;Launch Manager Wireless Driver;C:\WINDOWS\System32\drivers\LMDriver.sys [2015-9-4 21344]
R3 NcbService;Netzwerkverbindungsbroker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Enumerator für virtuelle Microsoft-Netzwerkadapter;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-1-29 26560]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-1-29 3632576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-4-9 56384]
R3 Qcamain10x64;Qualcomm Atheros – erweiterbarer WLAN 11AC-Gerätetreiber;C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2015-10-30 2327040]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\WINDOWS\System32\drivers\RadioShim.sys [2015-9-4 14688]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-1-29 895256]
R3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-1-29 411712]
R3 SensorService;Sensordienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 StateRepository;StateRepository-Dienst;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 SynRMIHID;Synaptics HID Service;C:\WINDOWS\System32\drivers\SynRMIHID.sys [2015-11-3 47784]
R3 UEFI;UEFI-Treiber von Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-17 694784]
S2 AntiVirMailService;Avira Email-Schutz;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2016-4-7 955736]
S2 AntiVirWebService;Avira Webschutz;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2016-4-7 1424880]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2016-3-22 154680]
S2 DoSvc;Übermittlungsoptimierung;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Manager für heruntergeladene Karten;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn-Routerdienst;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App-Vorbereitung;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthA2DP;Bluetooth-Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2015-10-30 165376]
S3 BthHFAud;Bluetooth-Freisprechen;C:\WINDOWS\System32\drivers\BthHfAud.sys [2015-10-30 36864]
S3 buttonconverter;Dienst für PDC (Portable Device Control)-Geräte;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID-Treiber für CapImg-Touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-13 117248]
S3 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\IntelCpHDCPSvc.exe [2015-9-7 595560]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;Broker für DevQuery-Hintergrundermittlung;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-3 122160]
S3 diagnosticshub.standardcollector.service;Standardsammlungsdienst des Microsoft(R)-Diagnose-Hubs;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Registrierungsdienst für die Geräteverwaltung;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Datenfreigabedienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Verwaltungsdienst für Unternehmens-Apps;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2015-5-14 2573568]
S3 EsgScanner;EsgScanner;C:\WINDOWS\System32\drivers\EsgScanner.sys [2016-5-10 22704]
S3 genericusbfn;Allgemeine Funktionsklasse (USB);C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Allgemeiner Treiber für HID-Tasten mit Interruptimplementierung;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO-Controllertreiber;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R)-I2C-Controllertreiber für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA-RAID-Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filtertreiber);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows-Dienst für mobile Hotspots;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW-Sammlungsdienst;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
S3 intelpep;Treiber für Intel(R)-Energiemodul-Plug-In;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 lfsvc;Geolocation-Dienst;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 LicenseManager;Windows-Lizenz-Manager-Dienst;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX-Busenumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect-Dienst;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Netzwerkeinrichtungsdienst;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport-Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Telefondienst;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 QALSvc;Quick Access Local Service;C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [2015-9-4 401248]
S3 QASvc;Quick Access Service;C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2015-9-4 453984]
S3 Qcamain;Qualcomm Atheros Extensible Wireless LAN 11AC device driver;C:\WINDOWS\System32\drivers\Qcamainx64.sys [2015-7-10 2276352]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Dienst für Einzelhandelsdemos;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smartcard-Geräteaufzählungsdienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensordatendienst;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft-SMP für Speicherplätze;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS-Routerdienst.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-3 214832]
S3 stornvme;Standardmäßiger NVM Express-Treiber von Microsoft;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS)-Treiber;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 ThunderboltService;Thunderbolt(TM) Service;C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015-8-4 1770136]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB-Connector-Manager-UCSI-Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEIPSvc;User Experience Improvement Program;C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [2015-5-27 247040]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-4-17 258912]
S3 UfxChipidea;Chipidea-Controller (USB);C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;Synopsys-Controller (USB);C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch-Treiber;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch-Treiber;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Orchestrator Service aktualisieren;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF)-Treiber;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V-Gastdienstschnittstelle;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V-VM-Sitzungsdienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 WdNisDrv;Treiber für Windows Defender-Netzwerkinspektionssystem;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender-Netzwerkinspektionsdienst;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Hostdienst für Windows Encryption Provider;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad-Dienst;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs-Dienst;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Arbeitsordner;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows-Pushbenachrichtigungsdienst;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Authentifizierungs-Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live-Spiele speichern;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-4-17 238592]
S3 XboxNetApiSvc;Xbox Live-Netzwerkservice;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-17 26112]
S4 Amazon 1Button App Service;Amazon 1Button App Service;C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [2016-2-17 436032]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2015-8-31 309328]
S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2016-3-22 437784]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2016-3-22 417304]
S4 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2016-3-22 917016]
S4 BthHFSrv;Bluetooth-Freisprechdienst;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-4-29 1433216]
S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-4-29 1773696]
S4 CDPSvc;Plattformdienst für verbundene Geräte;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 CLKMSVC10_99E320F5;CyberLink Product - 2016/01/29 04:51:45;C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [2015-7-31 303544]
S4 DigitalWave.Update.Service;Digital Wave Update Service;C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [2016-3-29 388968]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2016-3-4 210288]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2016-1-28 792944]
S4 Origin Client Service;Origin Client Service;D:\Programme\NFS\Origin\OriginClientService.exe [2016-4-22 2120712]
S4 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2016-2-3 32544]
S4 RealTimes Desktop Service;RealTimes Desktop Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2016-4-7 1095440]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-3-23 327808]
S4 tzautoupdate;Automatische Zeitzonenaktualisierung;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-05-11 10:32:18	688992	------r-	C:\Users\Kathrin\dds.exe
2016-05-11 10:26:41	--------	d-----w-	C:\Program Files (x86)\Secunia
2016-05-11 10:26:05	4002104	----a-w-	C:\Users\Kathrin\PSISetup005.exe
2016-05-11 05:48:50	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-10 18:06:28	22704	----a-w-	C:\WINDOWS\System32\drivers\EsgScanner.sys
2016-05-10 17:06:40	303226	----a-w-	C:\WINDOWS\AdBlock.exe
2016-05-10 17:06:29	--------	d-----w-	C:\Users\Kathrin\AppData\Local\Tempfolder
2016-05-10 17:06:25	305980	----a-w-	C:\WINDOWS\systwin.exe
2016-05-10 17:06:25	--------	d-----w-	C:\Program Files\VamisUn
2016-05-10 17:06:24	--------	d-----w-	C:\Program Files\Vamis
2016-05-10 17:05:55	--------	d-----w-	C:\Users\Kathrin\AppData\Roaming\Brotsoft
2016-05-10 17:05:23	--------	d-----w-	C:\Program Files\Caster
2016-05-10 17:04:48	187904	----a-w-	C:\WINDOWS\rsrcs.dll
2016-05-10 17:03:33	764416	--sh--w-	C:\WINDOWS\SysWow64\devil.dll
2016-05-10 17:03:32	415744	--sh--w-	C:\WINDOWS\SysWow64\avisynth.dll
2016-05-10 17:03:32	32256	--sh--w-	C:\WINDOWS\SysWow64\AVSredirect.dll
2016-05-10 17:03:31	70656	--sh--w-	C:\WINDOWS\SysWow64\yv12vfw.dll
2016-05-10 17:03:30	70656	--sh--w-	C:\WINDOWS\SysWow64\i420vfw.dll
2016-04-25 10:55:35	180	----a-w-	C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-18 17:55:30	--------	d-----w-	C:\ProgramData\vsosdk
2016-04-18 17:15:15	--------	d-----w-	C:\Users\Kathrin\AppData\Roaming\21629
2016-04-18 15:07:53	--------	d-----w-	C:\WINDOWS\System32\SleepStudy
2016-04-17 14:59:24	--------	d-----w-	C:\Users\Kathrin\AppData\Local\Diagnostics
2016-04-17 14:57:43	--------	d-----w-	C:\Users\Kathrin\AppData\Roaming\NVIDIA
2016-04-17 14:54:11	--------	dc----w-	C:\WINDOWS\Panther
2016-04-17 14:53:21	--------	d-----w-	C:\Users\Kathrin\AppData\Roaming\DVDFab9
2016-04-17 14:52:39	--------	d-----w-	C:\Windows.old
2016-04-17 14:48:29	--------	d-----w-	C:\WINDOWS\SysWow64\XPSViewer
2016-04-17 14:48:12	778936	----a-w-	C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2016-04-17 14:48:12	35480	----a-w-	C:\WINDOWS\SysWow64\TsWpfWrp.exe
2016-04-17 14:48:12	103120	----a-w-	C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-04-17 14:48:11	35480	----a-w-	C:\WINDOWS\System32\TsWpfWrp.exe
2016-04-17 14:48:11	124624	----a-w-	C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2016-04-17 14:48:11	1166520	----a-w-	C:\WINDOWS\System32\PresentationNative_v0300.dll
2016-04-17 14:48:06	304752	----a-w-	C:\WINDOWS\System32\systemreset.exe
2016-04-17 14:48:06	1087488	----a-w-	C:\WINDOWS\System32\reseteng.dll
2016-04-17 14:41:10	--------	d--h--w-	C:\ProgramData\tks
2016-04-17 14:40:50	--------	d-----w-	C:\Users\Kathrin\AppData\Roaming\log
2016-04-17 14:04:20	--------	d-----w-	C:\Users\Kathrin\AppData\Local\ActiveSync
2016-04-17 13:55:55	--------	d-----w-	C:\ProgramData\Dolby
2016-04-17 13:54:55	--------	d-----w-	C:\Program Files (x86)\Common Files\Intel
2016-04-17 13:30:55	--------	d-----w-	C:\ProgramData\VSO
2016-04-16 10:44:45	--------	d-----w-	C:\Users\Kathrin\AppData\Roaming\LibreOffice
2016-04-14 16:12:06	--------	d--h--w-	C:\Program Files (x86)\Common Files\EAInstaller
2016-04-14 15:44:49	--------	d-----w-	C:\Users\Kathrin\AppData\Roaming\Origin
2016-04-14 15:44:45	--------	d-----w-	C:\Users\Kathrin\AppData\Local\Origin
2016-04-14 15:38:33	--------	d-----w-	C:\ProgramData\Origin
2016-04-14 15:38:33	--------	d-----w-	C:\ProgramData\Electronic Arts
.
==================== Find3M  ====================
.
2016-05-10 20:42:05	190664	------w-	C:\WINDOWS\System32\drivers\rikvm_99E320F5.sys
2016-04-17 13:55:48	1148427	----a-w-	C:\WINDOWS\System32\drivers\rtkhdasetting.zip
2016-04-17 13:55:29	200	----a-w-	C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-04-07 12:42:50	505584	----a-w-	C:\WINDOWS\SysWow64\msvcp71.dll
2016-04-07 12:42:50	354032	----a-w-	C:\WINDOWS\SysWow64\msvcr71.dll
2016-04-03 17:09:36	716928	----a-w-	C:\WINDOWS\System32\WinUSBCoInstaller.dll
2016-04-03 17:09:36	1499408	----a-w-	C:\WINDOWS\System32\WdfCoInstaller01007.dll
2016-04-03 17:09:32	214832	----a-w-	C:\WINDOWS\System32\drivers\ssudmdm.sys
2016-04-03 17:09:20	122160	----a-w-	C:\WINDOWS\System32\drivers\ssudbus.sys
2016-03-30 01:06:04	1373680	----a-w-	C:\WINDOWS\SysWow64\nvspcap.dll
2016-03-30 01:06:04	1316000	----a-w-	C:\WINDOWS\SysWow64\nvspbridge.dll
2016-03-30 01:05:35	1767248	----a-w-	C:\WINDOWS\System32\nvspcap64.dll
2016-03-30 01:05:35	1756424	----a-w-	C:\WINDOWS\System32\nvspbridge64.dll
2016-03-30 01:05:35	112216	----a-w-	C:\WINDOWS\System32\NvRtmpStreamer64.dll
2016-03-29 22:55:58	16148	----a-w-	C:\WINDOWS\System32\LAPTOP-6F6KLGRQ_defaultuser0_HistoryPrediction.bin
2016-03-21 20:01:36	56384	----a-w-	C:\WINDOWS\System32\drivers\nvvad64v.sys
2016-03-21 20:01:28	109632	----a-w-	C:\WINDOWS\System32\nvaudcap64v.dll
2016-03-21 20:01:28	100416	----a-w-	C:\WINDOWS\SysWow64\nvaudcap32v.dll
2016-02-22 14:44:45	68936	----a-w-	C:\WINDOWS\System32\drivers\avnetflt.sys
2016-02-22 14:44:44	35488	----a-w-	C:\WINDOWS\System32\drivers\avkmgr.sys
2016-02-22 14:44:41	128664	----a-w-	C:\WINDOWS\System32\drivers\avgntflt.sys
2016-02-13 17:11:57	38912	----a-w-	C:\WINDOWS\System32\rfxvmt.dll
2016-02-13 17:11:56	512512	----a-w-	C:\WINDOWS\System32\SnippingTool.exe
2016-02-13 17:11:56	24576	----a-w-	C:\WINDOWS\System32\inetppui.dll
2016-02-13 17:11:56	21504	----a-w-	C:\WINDOWS\System32\wpnpinst.exe
2016-02-13 17:11:56	167936	----a-w-	C:\WINDOWS\System32\inetpp.dll
2016-02-13 17:11:55	78848	----a-w-	C:\WINDOWS\System32\DFDWiz.exe
2016-02-13 17:11:55	3608064	----a-w-	C:\WINDOWS\System32\InkAnalysis.dll
2016-02-13 17:03:00	2088960	----a-w-	C:\WINDOWS\System32\NlsData0007.dll
2016-02-13 17:03:00	12039680	----a-w-	C:\WINDOWS\SysWow64\NlsLexicons0007.dll
2016-02-13 17:03:00	12039680	----a-w-	C:\WINDOWS\System32\NlsLexicons0007.dll
2016-02-13 16:58:12	14848	----a-w-	C:\WINDOWS\SysWow64\drivers\de-DE\NdisImPlatform.sys.mui
2016-02-13 16:58:11	8704	----a-w-	C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2016-02-13 16:58:11	7680	----a-w-	C:\WINDOWS\SysWow64\drivers\de-DE\ndiscap.sys.mui
2016-02-13 16:58:11	4096	----a-w-	C:\WINDOWS\SysWow64\drivers\de-DE\wfplwfs.sys.mui
2016-02-13 16:58:11	3072	----a-w-	C:\WINDOWS\SysWow64\drivers\UMDF\de-DE\SensorsCx.dll.mui
2014-03-07 10:03:58	293888	--sha-r-	C:\WINDOWS\SysWOW64\avcodec-lav-1321.dll
2014-03-07 10:03:58	3109520	--sha-r-	C:\WINDOWS\SysWOW64\avcodec-lav-55.dll
2014-03-07 10:03:58	98960	--sha-r-	C:\WINDOWS\SysWOW64\avfilter-lav-4.dll
2014-03-07 10:03:58	550032	--sha-r-	C:\WINDOWS\SysWOW64\avformat-lav-55.dll
2009-09-27 07:39:26	415744	--sh--w-	C:\WINDOWS\SysWOW64\avisynth.dll
2014-03-07 10:03:58	59536	--sha-r-	C:\WINDOWS\SysWOW64\avresample-lav-1.dll
2005-07-14 10:31:20	32256	--sh--w-	C:\WINDOWS\SysWOW64\AVSredirect.dll
2014-03-07 10:03:58	181392	--sha-r-	C:\WINDOWS\SysWOW64\avutil-lav-52.dll
2004-02-22 08:11:08	764416	--sh--w-	C:\WINDOWS\SysWOW64\devil.dll
2014-03-07 10:03:58	122512	--sha-r-	C:\WINDOWS\SysWOW64\HLaudio.dll
2014-03-07 10:03:58	203408	--sha-r-	C:\WINDOWS\SysWOW64\HLsplit.dll
2014-03-07 10:03:58	313520	--sha-r-	C:\WINDOWS\SysWOW64\HLvideo.dll
2004-01-24 22:00:00	70656	--sh--w-	C:\WINDOWS\SysWOW64\i420vfw.dll
2014-03-07 10:03:58	166544	--sha-r-	C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2014-03-07 10:03:58	109712	--sha-r-	C:\WINDOWS\SysWOW64\libbluray.dll
2011-02-11 09:26:20	112128	--sha-r-	C:\WINDOWS\SysWOW64\OptimFROG.dll
2014-03-07 10:03:58	118416	--sha-r-	C:\WINDOWS\SysWOW64\swscale-lav-2.dll
2010-01-06 23:00:00	107520	--sha-r-	C:\WINDOWS\SysWOW64\TAKDSDecoder.dll
2012-10-05 18:54:00	188416	--sha-r-	C:\WINDOWS\SysWOW64\winDCE32.dll
2004-01-24 22:00:00	70656	--sh--w-	C:\WINDOWS\SysWOW64\yv12vfw.dll
.
============= FINISH: 12:32:43,87 ===============

--- --- ---

Code:

ATTFilter

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 17.04.2016 16:02:17
System Uptime: 11.05.2016 12:16:19 (0 hours ago)
.
Motherboard: Acer |  | Aspire VN7-792G
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz | U3E1 | 2600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 149,026 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 917,976 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11.05.2016 12:03:31 - JRT Pre-Junkware Removal
.
==== Installed Programs ======================
.
 DriverSetupUtility
12 Labours of Hercules III: Girl Power
abFiles
abPhoto
Acer Care Center
Acer Explorer Agent
Acer Portal
Acer Power Management
Acer Quick Access
Acer UEIP Framework
Adobe Acrobat Reader DC - Deutsch
Adobe Flash Player 21 NPAPI
Adobe Photoshop 6.0
Adobe SVG Viewer
AnyDVD
AOP Framework
Avira Antivirus
Avira Launcher
BlueStacks App Player
Canon Easy-PhotoPrint EX
Canon iP4800 series Benutzerregistrierung
Canon iP4800 series Printer Driver
Canon My Printer
Canon Solution Menu EX
Caster
CD-LabelPrint
CIB pdf brewer
CloneDVD2
Counter-Strike: Global Offensive
CyberLink PowerDVD 12
Dolby Audio X2 Windows API SDK
Dolby Audio X2 Windows APP
Exact Audio Copy 1.0beta3
Game Explorer Categories - genres
Game Explorer Categories - main
High-Definition Video Playback
Home Makeover
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) ME UninstallLegacy
Intel(R) Processor Graphics
Intel(R) Serial IO
Intel® Chipsatz-Gerätesoftware
Intel® Security Assist
Intel® Trusted Connect Service Client
Jewel Match 3
Jewel Match Snowscapes
LibreOffice 5.0.5.2
Magic Academy
Microsoft PowerPoint Viewer 97
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Word 2000
Microsoft Works 2000
MixPad Audiodatei-Mixer
Mozilla Firefox 46.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 38.7.1 (x86 de)
Need for Speed™ Most Wanted
Need for Speed™ Rivals
Nero 11
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 2016
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning Core
Nero Burning ROM
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter
Nero ControlCenter 11 Help (CHM)
Nero Core Components
Nero CoverDesigner
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Device Updates
Nero Disc Menus Basic
Nero Disc to Device
Nero Effects Basic
Nero Express
Nero Express 11
Nero Express 11 Help (CHM)
Nero Info
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero Launcher
Nero MediaHome
Nero PiP Effects Basic
Nero Recode
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video
Nero Video 11
Nero Video 11 Help (CHM)
Nero Video Samples
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
NetStream 1.0
NVIDIA GeForce Experience 2.11.2.55
NVIDIA GeForce Experience Service
NVIDIA Grafiktreiber 353.62
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 2.11.2.55
NVIDIA PhysX-Systemsoftware 9.15.0428
NVIDIA ShadowPlay 2.11.2.55
NVIDIA Systemsteuerung 353.62
NVIDIA Update 2.11.2.55
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.37
OpenOffice 4.0.1
Origin
Polar Bowler 1st Frame
Prerequisite installer
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer (RealTimes)
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.95
Rory's Restaurant
Runefall
SHIELD Streaming
SHIELD Wireless Controller Driver
Skype Click to Call
Skype™ 7.22
Stashimi Stub Installer
Steam
TeamSpeak 3 Client
Thunderbolt(TM) Software
Ulead Photo Express 2.0 SE
Unlocker 1.9.1-x64
Update Installer for WildTangent Games App
UpdateService
Vegas World
Video Downloader
Villagers and Heroes
VLC media player
WavePad Audio-Editor
welcome
WildTangent Games
WildTangent Games App
WinRAR archiver
WinZip
.
==== End Of File ===========================

manu1909 · 11.05.2016, 17:28

und jetzt das von Farbar

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
durchgeführt von Kathrin (Administrator) auf LAPTOP-6F6KLGRQ (11-05-2016 14:44:29)
Gestartet von C:\Users\Kathrin
Geladene Profile: Kathrin (Verfügbare Profile: Kathrin & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(© 2015 Microsoft Corporation) C:\Users\Kathrin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter\THGuard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-09-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-09-23] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [IDSCCOMBW4] => "C:\Program Files (x86)\EasyHotspot\idsccom_BW4.exe"
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75264 2016-03-29] ()
HKLM-x32\...\Run: [PE2CKFNT SE] => C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [25088 1998-07-03] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286960 2016-04-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [712432 2016-02-03] ()
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1485096 2011-07-15] (Nero AG)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter\THGuard.exe [1082832 2015-06-18] (Mischel Internet Security)
HKLM-x32\...\RunOnce: [AdBlock] => "AdBlock.exe"
HKLM-x32\...\RunOnce: [systwin] => "systwin.exe"
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [949784 2016-03-22] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\Run: [BingSvc] => C:\Users\Kathrin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-31] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\Run: [lstrmn] => rundll32.exe "C:\Users\Kathrin\AppData\Local\lstrmn.dll",lstrmn <===== ACHTUNG
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\RunOnce: [Uninstall C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2016-03-29]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk [2016-04-07]
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-04-07]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk [2016-03-29]
ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-04-07]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2016-03-29]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing LP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{792f63f7-9151-471c-8bd0-abcb5295e54b}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-2111153517-3428240612-1731616733-1001 -> DefaultScope {D540B3BD-01A8-4223-BC5B-7AF2D3302DFA} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2111153517-3428240612-1731616733-1001 -> {D540B3BD-01A8-4223-BC5B-7AF2D3302DFA} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\8eidfwps.default-1462958608074
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-04-07] (RealPlayer)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-03-04] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Extension: Deutsch (DE) Language Pack - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\8eidfwps.default-1462958608074\Extensions\langpack-de@firefox.mozilla.org.xpi [2016-05-11]
FF Extension: Mozilla Partner Defaults - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\8eidfwps.default-1462958608074\Extensions\partnerdefaults@mozilla.com [2016-05-11]
FF Extension: Adblock Plus - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\8eidfwps.default-1462958608074\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-11]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Amazon 1Button App Service; c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [309328 2015-08-31] (Qualcomm Atheros)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-22] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-22] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [917016 2016-03-22] (BlueStack Systems, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-04-18] (Acer Incorporated)
S4 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [303544 2015-07-31] (CyberLink)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [595560 2015-09-05] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [Datei ist nicht signiert]
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-28] (Digital Wave Ltd.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-05] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [25928 2015-09-03] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S4 Origin Client Service; D:\Programme\NFS\Origin\OriginClientService.exe [2120712 2016-04-22] (Electronic Arts)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-04] (Acer Incorporated)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-04] (Acer Incorporated)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2016-04-07] (RealNetworks, Inc.)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1770136 2015-08-04] (Intel Corporation)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-22] (BlueStack Systems)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-10] ()
R3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [188200 2015-09-05] (Intel(R) Corporation)
R3 IntcDMic; C:\Windows\system32\DRIVERS\IntcDMic.sys [585024 2015-09-14] (Intel(R) Corporation)
R3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [580904 2015-09-05] (Intel(R) Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2015-09-04] (Acer Incorporated)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-28] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 Qcamain; C:\Windows\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [Datei ist nicht signiert]
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2327040 2015-10-30] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2015-09-04] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-11 14:44 - 2016-05-11 14:44 - 00024266 _____ C:\Users\Kathrin\FRST.txt
2016-05-11 14:44 - 2016-05-11 14:44 - 00000000 ____D C:\FRST
2016-05-11 14:42 - 2016-05-11 14:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kathrin\revosetup95.exe
2016-05-11 14:42 - 2016-05-11 14:42 - 00001345 _____ C:\Users\Kathrin\Desktop\Revo Uninstaller.lnk
2016-05-11 14:42 - 2016-05-11 14:42 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-05-11 14:40 - 2016-05-11 14:44 - 02381312 _____ (Farbar) C:\Users\Kathrin\FRST64.exe
2016-05-11 13:38 - 2016-05-11 13:38 - 00001132 _____ C:\Users\Kathrin\Desktop\TrojanHunter.lnk
2016-05-11 13:38 - 2016-05-11 13:38 - 00000000 ____D C:\ProgramData\TrojanHunter
2016-05-11 13:38 - 2016-05-11 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2016-05-11 13:38 - 2016-05-11 13:38 - 00000000 ____D C:\Program Files (x86)\TrojanHunter
2016-05-11 13:32 - 2016-05-11 13:34 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\AVAST Software
2016-05-11 12:51 - 2016-05-11 13:38 - 04069672 _____ (Bytelayer AB ) C:\Users\Kathrin\TrojanHunterSetup.exe
2016-05-11 12:38 - 2016-05-11 12:38 - 02870984 _____ (ESET) C:\Users\Kathrin\esetsmartinstaller_deu.exe
2016-05-11 12:38 - 2016-05-11 12:38 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-11 12:32 - 2016-05-11 12:32 - 00037941 _____ C:\Users\Kathrin\Desktop\dds.txt
2016-05-11 12:32 - 2016-05-11 12:32 - 00005641 _____ C:\Users\Kathrin\Desktop\attach.txt
2016-05-11 12:26 - 2016-05-11 12:26 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-05-11 11:48 - 2016-05-11 11:48 - 00001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-11 11:48 - 2016-05-11 11:48 - 00001230 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-11 11:44 - 2016-05-11 11:44 - 00004130 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BDC482B3-08DE-4C14-B5A3-3AA2DB359EF2}
2016-05-11 07:48 - 2016-05-11 11:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-10 20:09 - 2016-05-10 20:09 - 00000000 _____ C:\autoexec.bat
2016-05-10 20:06 - 2016-05-10 20:06 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-10 19:10 - 2016-05-10 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-05-10 19:10 - 2016-05-10 19:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-05-10 19:06 - 2016-05-11 13:22 - 00000000 ____D C:\Program Files\Vamis
2016-05-10 19:06 - 2016-05-10 19:58 - 00000000 ____D C:\Program Files\VamisUn
2016-05-10 19:06 - 2016-05-10 19:06 - 00000000 ____D C:\Users\Kathrin\AppData\Local\Tempfolder
2016-05-10 19:06 - 2016-05-07 13:33 - 00305980 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-10 19:06 - 2016-05-07 00:14 - 00303226 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-05-10 19:05 - 2016-05-10 21:25 - 00000000 ____D C:\Program Files\Caster
2016-05-10 19:05 - 2016-05-10 19:05 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Brotsoft
2016-05-10 19:04 - 2016-05-10 19:04 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-05-10 19:03 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2016-05-10 19:03 - 2005-07-14 12:31 - 00032256 ___SH C:\WINDOWS\SysWOW64\AVSredirect.dll
2016-05-10 19:03 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2016-05-10 19:03 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2016-05-10 19:03 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2016-05-10 19:02 - 2016-05-10 19:02 - 00000000 ____D C:\Users\Kathrin\Documents\eRightSoft
2016-05-10 19:01 - 2016-05-10 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
2016-05-10 19:01 - 2016-05-10 19:01 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2016-05-10 19:01 - 2014-03-07 12:03 - 03109520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-55.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00550032 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-55.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00313520 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLvideo.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00293888 __RSH C:\WINDOWS\SysWOW64\avcodec-lav-1321.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00203408 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLsplit.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00181392 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-52.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00166544 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00122512 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLaudio.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00118416 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-2.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00109712 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00098960 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-4.dll
2016-05-10 19:01 - 2014-03-07 12:03 - 00059536 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-1.dll
2016-05-10 19:01 - 2014-01-31 17:20 - 00000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2016-05-10 19:01 - 2012-10-05 20:54 - 00188416 __RSH C:\WINDOWS\SysWOW64\winDCE32.dll
2016-05-10 19:01 - 2012-07-12 00:00 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Olepau32.ax
2016-05-10 19:01 - 2011-06-14 21:05 - 00121344 __RSH C:\WINDOWS\SysWOW64\TAKDSDecoder.ax
2016-05-10 19:01 - 2011-02-11 11:26 - 00112128 __RSH C:\WINDOWS\SysWOW64\OptimFROG.dll
2016-05-10 19:01 - 2010-01-07 01:00 - 00107520 __RSH C:\WINDOWS\SysWOW64\TAKDSDecoder.dll
2016-05-10 19:01 - 2009-08-11 00:00 - 00352768 __RSH C:\WINDOWS\SysWOW64\ac3DX.ax
2016-05-10 19:01 - 2005-02-22 18:55 - 00081920 __RSH C:\WINDOWS\SysWOW64\aac_parser.ax
2016-05-10 19:01 - 2004-07-02 18:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2016-05-10 19:01 - 2004-04-27 17:03 - 00017408 __RSH (RadLight) C:\WINDOWS\SysWOW64\RLOFRDec.ax
2016-05-10 16:52 - 2016-05-10 16:52 - 00003388 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2016-05-02 13:49 - 2016-05-02 13:50 - 00322700 _____ C:\WINDOWS\Minidump\050216-6500-01.dmp
2016-05-02 13:49 - 2016-05-02 13:49 - 723340756 _____ C:\WINDOWS\MEMORY.DMP
2016-05-02 13:49 - 2016-05-02 13:49 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-25 12:55 - 2016-05-11 12:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-25 12:54 - 2016-05-11 11:08 - 00000000 ____D C:\Users\Administrator
2016-04-25 12:54 - 2016-04-25 12:54 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Videos
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2016-04-25 12:54 - 2016-04-25 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\AOP SDK
2016-04-25 12:54 - 2015-03-21 02:28 - 00003236 _____ C:\Users\Administrator\Desktop\App Explorer.lnk
2016-04-18 19:55 - 2016-04-18 19:55 - 00000000 ____D C:\ProgramData\vsosdk
2016-04-18 19:15 - 2016-04-18 19:15 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\21629
2016-04-18 17:17 - 2016-04-18 17:17 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\vlc
2016-04-18 17:07 - 2016-04-18 17:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-18 13:38 - 2016-04-18 19:13 - 00000000 ____D C:\Users\Kathrin\Documents\DVDFabCommon
2016-04-18 11:48 - 2016-04-18 11:48 - 00000000 ____D C:\Users\Kathrin\Documents\NeroVideo
2016-04-18 11:47 - 2016-04-18 13:37 - 00000000 ____D C:\Users\Kathrin\Documents\DVDFab9
2016-04-17 16:57 - 2016-04-17 16:57 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\NVIDIA
2016-04-17 16:54 - 2016-04-17 16:02 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-17 16:53 - 2016-04-17 16:53 - 00000759 _____ C:\Users\Public\Desktop\DVDFab 9.lnk
2016-04-17 16:53 - 2016-04-17 16:53 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\DVDFab9
2016-04-17 16:52 - 2016-04-17 16:52 - 00000000 ____D C:\Windows.old
2016-04-17 16:51 - 2016-04-17 16:51 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-17 16:51 - 2016-04-17 16:51 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-17 16:51 - 2016-04-17 16:51 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-17 16:51 - 2016-04-17 16:51 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-17 16:51 - 2016-04-17 16:51 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-17 16:51 - 2016-04-17 16:51 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-04-17 16:51 - 2016-04-17 16:51 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-04-17 16:51 - 2016-04-17 16:51 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-17 16:51 - 2016-04-17 16:51 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-04-17 16:51 - 2016-04-17 16:51 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-17 16:51 - 2016-04-17 16:51 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-17 16:51 - 2016-04-17 16:51 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-04-17 16:51 - 2016-04-17 16:51 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-17 16:51 - 2016-04-17 16:51 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-17 16:51 - 2016-04-17 16:51 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-17 16:49 - 2016-04-17 16:49 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-04-17 16:48 - 2016-04-17 16:48 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-04-17 16:48 - 2016-04-17 16:48 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-04-17 16:48 - 2016-04-17 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-04-17 16:48 - 2016-04-17 16:48 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-17 16:48 - 2016-04-17 16:48 - 00000000 ____D C:\Program Files\MSBuild
2016-04-17 16:48 - 2016-04-17 16:48 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-17 16:48 - 2016-04-17 16:48 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-17 16:48 - 2015-10-23 18:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-04-17 16:48 - 2015-10-23 18:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-04-17 16:48 - 2015-10-23 18:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-04-17 16:48 - 2015-10-23 18:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-04-17 16:48 - 2015-10-23 18:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-04-17 16:48 - 2015-10-23 18:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-04-17 16:41 - 2016-04-17 16:41 - 00000000 ___HD C:\ProgramData\tks
2016-04-17 16:40 - 2016-04-17 16:41 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\log
2016-04-17 16:29 - 2016-04-17 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2016-04-17 16:04 - 2016-04-17 16:04 - 00000000 ____D C:\Users\Kathrin\AppData\Local\ActiveSync
2016-04-17 16:02 - 2016-04-17 16:02 - 00000020 ___SH C:\Users\Kathrin\ntuser.ini
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-04-17 16:02 - 2016-04-17 16:02 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-04-17 16:00 - 2016-04-17 16:00 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-04-17 15:58 - 2016-04-17 15:58 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-17 15:58 - 2016-04-17 15:58 - 00000000 ____D C:\Users\Default\AppData\Local\Host App Service
2016-04-17 15:58 - 2016-04-17 15:58 - 00000000 ____D C:\Users\Default User\AppData\Local\Host App Service
2016-04-17 15:57 - 2016-04-17 15:58 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-04-17 15:56 - 2016-05-11 14:44 - 00000000 ____D C:\Users\Kathrin
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Vorlagen
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Startmenü
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Netzwerkumgebung
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Lokale Einstellungen
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Eigene Dateien
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Druckumgebung
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Documents\Eigene Videos
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Documents\Eigene Musik
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Documents\Eigene Bilder
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\AppData\Local\Verlauf
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\AppData\Local\Anwendungsdaten
2016-04-17 15:56 - 2016-04-17 15:56 - 00000000 _SHDL C:\Users\Kathrin\Anwendungsdaten
2016-04-17 15:55 - 2016-04-17 15:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-04-17 15:55 - 2016-04-17 15:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-04-17 15:55 - 2016-04-17 15:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-04-17 15:55 - 2016-04-17 15:55 - 01148427 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-04-17 15:55 - 2016-04-17 15:55 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-04-17 15:55 - 2016-04-17 15:55 - 00000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\WINDOWS\system32\IntelSSTAPO
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\ProgramData\rtkSSTSetting
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\ProgramData\Dolby
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\Program Files\Realtek
2016-04-17 15:55 - 2016-04-17 15:55 - 00000000 ____D C:\Program Files\Dolby
2016-04-17 15:55 - 2015-09-23 21:03 - 03196455 _____ C:\WINDOWS\system32\Drivers\rtkSSTSetting.zip
2016-04-17 15:55 - 2015-09-05 17:16 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-04-17 15:55 - 2015-09-05 17:16 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-04-17 15:55 - 2015-07-23 03:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-04-17 15:55 - 2015-07-23 03:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-04-17 15:55 - 2015-07-23 03:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-04-17 15:55 - 2015-07-23 03:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-04-17 15:55 - 2015-07-23 03:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-04-17 15:55 - 2015-07-23 03:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-04-17 15:55 - 2015-07-23 03:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-04-17 15:55 - 2015-07-23 03:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-04-17 15:55 - 2015-07-22 06:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-04-17 15:54 - 2016-04-17 15:57 - 00000000 ____D C:\Program Files\Intel
2016-04-17 15:30 - 2016-04-17 16:33 - 00000000 ____D C:\ProgramData\VSO
2016-04-16 12:44 - 2016-04-17 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2016-04-16 12:44 - 2016-04-16 12:44 - 00000852 _____ C:\Users\Public\Desktop\LibreOffice.lnk
2016-04-16 12:44 - 2016-04-16 12:44 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\LibreOffice
2016-04-15 18:00 - 2016-04-15 18:00 - 00000000 ____D C:\Users\Kathrin\Documents\Ghost Games
2016-04-14 18:12 - 2016-04-17 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Rivals
2016-04-14 18:12 - 2016-04-15 15:12 - 00000888 _____ C:\Users\Public\Desktop\NFSR.lnk
2016-04-14 17:44 - 2016-04-14 20:09 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Origin
2016-04-14 17:44 - 2016-04-14 18:38 - 00000000 ____D C:\Users\Kathrin\AppData\Local\Origin
2016-04-14 17:38 - 2016-05-09 14:46 - 00000000 ____D C:\ProgramData\Origin
2016-04-14 17:38 - 2016-04-17 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-04-14 17:38 - 2016-04-14 18:38 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-04-14 17:38 - 2016-04-14 17:38 - 00000773 _____ C:\Users\Public\Desktop\Origin.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-11 14:42 - 2016-04-08 07:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-05-11 14:42 - 2016-03-30 13:23 - 00000000 ____D C:\Users\Kathrin\AppData\Local\CrashDumps
2016-05-11 12:23 - 2016-02-13 18:59 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2016-05-11 12:23 - 2016-02-13 18:59 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2016-05-11 12:23 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 12:23 - 2015-08-31 13:01 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-11 12:16 - 2016-03-30 00:56 - 00000000 __SHD C:\Users\Kathrin\IntelGraphicsProfiles
2016-05-11 12:16 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-11 12:16 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-11 12:16 - 2015-08-31 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-11 12:08 - 2016-03-29 23:06 - 00000000 ____D C:\AdwCleaner
2016-05-11 12:00 - 2016-04-08 07:16 - 00000000 ____D C:\Users\Kathrin\Adressen
2016-05-11 11:48 - 2015-08-31 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-11 11:07 - 2016-03-31 10:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-11 07:33 - 2016-03-30 00:56 - 00000000 ____D C:\Users\Kathrin\AppData\Local\Packages
2016-05-11 07:33 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-11 07:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 06:31 - 2016-03-30 18:09 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-05-10 22:42 - 2016-01-29 05:51 - 00190664 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_99E320F5.sys
2016-05-10 19:12 - 2016-03-30 12:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-10 18:23 - 2016-04-09 17:37 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\TS3Client
2016-05-10 17:04 - 2016-03-31 12:27 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Skype
2016-05-10 16:52 - 2015-08-31 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-05-10 16:52 - 2015-08-31 12:50 - 00000000 ____D C:\Program Files (x86)\Acer
2016-05-10 16:51 - 2016-03-30 00:57 - 00000000 ____D C:\Users\Kathrin\AppData\Local\clear.fi
2016-05-08 12:58 - 2016-03-31 12:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-02 14:00 - 2016-03-29 20:39 - 00000000 ____D C:\Users\Kathrin\AppData\Local\ElevatedDiagnostics
2016-04-30 12:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-27 12:10 - 2016-03-29 23:20 - 00003508 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2016-04-27 12:10 - 2015-08-31 13:43 - 00000000 ___HD C:\OEM
2016-04-25 12:54 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-24 16:01 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-23 17:48 - 2016-03-31 12:26 - 00000000 ____D C:\ProgramData\Skype
2016-04-21 17:36 - 2016-03-30 00:57 - 00002397 _____ C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-18 17:15 - 2016-03-29 21:17 - 00000125 ___SH C:\ProgramData\.zreglib
2016-04-18 10:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-04-17 16:54 - 2015-10-30 09:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-04-17 16:52 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 __RSD C:\WINDOWS\Media
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-17 16:52 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-17 16:52 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-17 16:52 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-04-17 16:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-04-17 16:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-04-17 16:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-17 16:02 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows NT
2016-04-17 16:01 - 2016-01-29 06:26 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2016-04-17 16:01 - 2016-01-29 06:26 - 00024768 _____ C:\WINDOWS\diagerr.xml
2016-04-17 16:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-04-17 16:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Registration
2016-04-17 16:00 - 2016-04-07 15:03 - 00002736 _____ C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2111153517-3428240612-1731616733-1001
2016-04-17 16:00 - 2016-04-07 14:50 - 00002496 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
2016-04-17 16:00 - 2016-04-07 14:43 - 00002718 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2111153517-3428240612-1731616733-1001
2016-04-17 16:00 - 2016-04-07 14:43 - 00002612 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2111153517-3428240612-1731616733-1001
2016-04-17 16:00 - 2016-03-30 19:08 - 00002876 _____ C:\WINDOWS\System32\Tasks\ZhangWoZheC12-TaskPlan
2016-04-17 16:00 - 2016-03-29 23:06 - 00003014 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-04-17 16:00 - 2016-03-29 20:30 - 00002182 _____ C:\WINDOWS\System32\Tasks\{A586A34D-4734-4CE2-B202-318FB2B878E2}
2016-04-17 16:00 - 2016-01-29 05:58 - 00002074 _____ C:\WINDOWS\System32\Tasks\FUBTrackingByPLD
2016-04-17 16:00 - 2016-01-29 05:50 - 00002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2016-04-17 16:00 - 2016-01-29 05:48 - 00002264 _____ C:\WINDOWS\System32\Tasks\Power Button
2016-04-17 16:00 - 2016-01-29 05:48 - 00002222 _____ C:\WINDOWS\System32\Tasks\Power Management
2016-04-17 16:00 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-17 16:00 - 2015-08-31 12:52 - 00002706 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2016-04-17 16:00 - 2015-08-31 12:50 - 00004302 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2016-04-17 16:00 - 2015-08-31 12:50 - 00003854 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2016-04-17 16:00 - 2015-08-31 12:50 - 00002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2016-04-17 15:59 - 2016-02-13 10:21 - 00352248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-17 15:58 - 2016-04-08 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
2016-04-17 15:58 - 2016-04-08 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-04-17 15:58 - 2016-04-08 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-17 15:58 - 2016-04-08 07:45 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2016-04-17 15:58 - 2016-04-07 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-04-17 15:58 - 2016-03-30 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZELOTES MOUSE (C-12)
2016-04-17 15:58 - 2016-03-30 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-17 15:58 - 2016-03-30 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series Benutzerregistrierung
2016-04-17 15:58 - 2016-03-30 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
2016-04-17 15:58 - 2016-03-30 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series Manual
2016-04-17 15:58 - 2016-03-30 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series
2016-04-17 15:58 - 2016-03-29 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-17 15:58 - 2016-03-29 23:19 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-17 15:58 - 2016-03-29 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-17 15:58 - 2016-03-29 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-17 15:58 - 2016-03-29 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-04-17 15:58 - 2016-03-29 22:26 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-04-17 15:58 - 2016-03-29 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead Photo Express 2.0 SE
2016-04-17 15:58 - 2016-03-29 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MGI PhotoSuite 4
2016-04-17 15:58 - 2016-03-29 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MGI Photovista
2016-04-17 15:58 - 2016-03-29 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-04-17 15:58 - 2016-03-29 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2016-04-17 15:58 - 2016-03-29 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2016-04-17 15:58 - 2016-03-29 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2016-04-17 15:58 - 2016-03-29 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Clip Gallery
2016-04-17 15:58 - 2016-03-29 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2016-04-17 15:58 - 2016-01-29 05:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2016-04-17 15:58 - 2016-01-29 05:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt(TM) Software
2016-04-17 15:58 - 2016-01-29 05:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-04-17 15:58 - 2016-01-29 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2016-04-17 15:58 - 2016-01-29 05:25 - 00000000 ____D C:\WINDOWS\system32\ihvmanager
2016-04-17 15:58 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-17 15:58 - 2015-07-10 11:05 - 00000000 ____D C:\Users\Default.migrated
2016-04-17 15:57 - 2016-04-08 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-04-17 15:57 - 2016-04-07 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIB software GmbH
2016-04-17 15:57 - 2016-03-31 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-17 15:57 - 2016-03-30 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-04-17 15:57 - 2016-03-30 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-04-17 15:57 - 2016-03-30 11:37 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-04-17 15:57 - 2016-03-29 21:56 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-04-17 15:57 - 2016-03-29 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-04-17 15:57 - 2016-02-13 19:12 - 00000000 ____D C:\WINDOWS\ShellNew
2016-04-17 15:57 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-17 15:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-04-17 15:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-04-17 15:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-04-17 15:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Cursors
2016-04-17 15:57 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-17 15:57 - 2015-08-31 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-17 15:56 - 2016-03-29 21:30 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2016-04-17 15:56 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-17 15:43 - 2016-02-13 20:35 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-16 17:24 - 2016-03-29 22:23 - 00000000 ____D C:\Users\Kathrin\AppData\Local\Adobe
2016-04-16 13:28 - 2016-03-31 11:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-16 13:27 - 2016-03-31 11:00 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-29 21:17 - 2016-04-18 17:15 - 0000125 ___SH () C:\ProgramData\.zreglib
2016-04-17 15:55 - 2016-04-17 15:55 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Kathrin\esetsmartinstaller_deu.exe
C:\Users\Kathrin\FRST64.exe
C:\Users\Kathrin\revosetup95.exe
C:\Users\Kathrin\TrojanHunterSetup.exe


Einige Dateien in TEMP:
====================
C:\Users\Kathrin\AppData\Local\Temp\avgnt.exe
C:\Users\Kathrin\AppData\Local\Temp\libeay32.dll
C:\Users\Kathrin\AppData\Local\Temp\msvcr120.dll
C:\Users\Kathrin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-05 14:29

==================== Ende von FRST.txt ============================

manu1909 · 11.05.2016, 17:31

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-05-2016
durchgeführt von Kathrin (2016-05-11 14:45:03)
Gestartet von C:\Users\Kathrin
Windows 10 Home Version 1511 (X64) (2016-04-17 14:02:17)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2111153517-3428240612-1731616733-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2111153517-3428240612-1731616733-503 - Limited - Disabled)
Gast (S-1-5-21-2111153517-3428240612-1731616733-501 - Limited - Disabled)
Kathrin (S-1-5-21-2111153517-3428240612-1731616733-1001 - Administrator - Enabled) => C:\Users\Kathrin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.07.2001.5 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.5 - RedFox)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
BlueStacks App Player (HKLM-x32\...\{52A51D7F-6731-45B6-AE77-0D4B0ECC70B5}) (Version: 2.1.8.5663 - BlueStack Systems, Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon iP4800 series Benutzerregistrierung (HKLM-x32\...\Canon iP4800 series Benutzerregistrierung) (Version:  - )
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
CIB pdf brewer (HKLM\...\{15439BAB-541B-4E26-9C75-291F7EEBEF8A}) (Version: 2.10.0002 - CIB software GmbH)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.2.8 - Elaborate Bytes)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
High-Definition Video Playback (x32 Version: 11.0.12200.1.158 - Nero AG) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Magic Academy (x32 Version: 2.2.0.97 - WildTangent) Hidden
Microsoft PowerPoint Viewer 97 (HKLM-x32\...\PPTView97) (Version:  - )
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Word 2000 (HKLM-x32\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version: 3.90 - NCH Software)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Mozilla Thunderbird 38.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.7.1 (x86 de)) (Version: 38.7.1 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Nero 11 (HKLM-x32\...\{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}) (Version: 11.0.10100 - Nero AG)
Nero 2016 (HKLM-x32\...\{381DEEC4-636E-4494-99B5-7891DD3AE1CC}) (Version: 17.0.04000 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.0099 - Qualcomm Atheros)
RealDownloader (x32 Version: 18.1.3.103 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.3.104 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.3 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7621 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rory's Restaurant (x32 Version: 3.0.2.126 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Thunderbolt(TM) Software (HKLM-x32\...\{5B88BE64-93E7-4D6B-83D0-37B911166FF2}) (Version: 15.2.35.250 - Intel Corporation)
TrojanHunter 6.0 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.0 - Bytelayer AB)
Ulead Photo Express 2.0 SE (HKLM-x32\...\Ulead Photo Express 2.0 SE) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vegas World (x32 Version: 13.0.0.6 - WildTangent) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Villagers and Heroes (x32 Version: 13.0.0.6 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 6.12 - NCH Software)
welcome (x32 Version: 11.0.20000.0.0 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.16 - WildTangent) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  10.0  (6699g) - WinZip Computing LP)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2111153517-3428240612-1731616733-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

"{01C7C80F-DA6A-4698-BA70-4DA27991C5A9}" task wurde entsperrt. <===== ACHTUNG
Task: {030BB56B-AA24-4A37-BD3C-AEE0BC65B587} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
"{08629A58-75ED-46AA-8646-8C7015698215}" task wurde entsperrt. <===== ACHTUNG
"{0A493256-4ADB-4CF2-8AB5-8CCBEFDFC5FE}" task wurde entsperrt. <===== ACHTUNG
"{0C20E8DB-DCF0-4C48-B9B9-482E02BD9F1F}" task wurde entsperrt. <===== ACHTUNG
"{0CFE2E40-6A97-48C5-9F38-DE82315CF1B0}" task wurde entsperrt. <===== ACHTUNG
Task: {0EC0FA23-0CD1-4DEB-9B7C-C908D664DC3D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-04-20] (Acer)
"{11406457-2C26-401D-B271-B7393CAD7F85}" task wurde entsperrt. <===== ACHTUNG
"{181EF958-CF2C-45C1-BFE2-0048458E3EFC}" task wurde entsperrt. <===== ACHTUNG
"{1A289232-BCB9-4599-A894-898D820255F8}" task wurde entsperrt. <===== ACHTUNG
"{1A438DBA-6F47-44D6-8207-124A92E1597E}" task wurde entsperrt. <===== ACHTUNG
"{1A8A1750-6B60-430B-A914-E01C395D222E}" task wurde entsperrt. <===== ACHTUNG
"{1F0B1B6D-6FB8-495E-8D1D-0B6BA27883EB}" task wurde entsperrt. <===== ACHTUNG
"{216D44FB-2DD3-4478-8395-49C0E0D2D767}" task wurde entsperrt. <===== ACHTUNG
"{22DF95EE-A3BC-4A00-8468-0FF46BF970FC}" task wurde entsperrt. <===== ACHTUNG
"{2300B6D1-D409-499E-92DF-030662B73A6B}" task wurde entsperrt. <===== ACHTUNG
"{27A7ABEB-AF7C-40F4-BAD4-95630EB0C1FA}" task wurde entsperrt. <===== ACHTUNG
"{2B307AD0-33EA-4DB6-81B3-05FEADBE1140}" task wurde entsperrt. <===== ACHTUNG
"{2C389306-244A-4110-97CB-594D5A467287}" task wurde entsperrt. <===== ACHTUNG
"{2CCA2563-023C-4159-8011-59C6C9E1973A}" task wurde entsperrt. <===== ACHTUNG
Task: {2D1BDF40-7AB5-488F-9D1E-6DA8713F70B8} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated)
"{317107BF-13F6-48B4-AA5A-BA0B03A02F4B}" task wurde entsperrt. <===== ACHTUNG
"{33046BDC-2974-457F-A198-055760713D46}" task wurde entsperrt. <===== ACHTUNG
"{330DDC8E-A32D-4363-9C85-527F2673DDF7}" task wurde entsperrt. <===== ACHTUNG
"{3627755F-6629-4D94-850A-FBE43D28BEB8}" task wurde entsperrt. <===== ACHTUNG
"{37307B43-41DC-4BBE-BF3B-9B1631BEE311}" task wurde entsperrt. <===== ACHTUNG
"{3788B008-08AE-42A1-AECB-404EE0EFEAA5}" task wurde entsperrt. <===== ACHTUNG
"{4208A7BF-D622-476E-A1A3-F9EB2719ECD4}" task wurde entsperrt. <===== ACHTUNG
"{43744BF4-03F7-4B73-87FC-2BA232F6D655}" task wurde entsperrt. <===== ACHTUNG
"{44AF46C9-4AA6-4851-959E-023D755ED880}" task wurde entsperrt. <===== ACHTUNG
"{44EA678F-7E08-4531-92E2-587CA13B5D2C}" task wurde entsperrt. <===== ACHTUNG
"{45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF}" task wurde entsperrt. <===== ACHTUNG
"{48A98229-5C8E-4DDD-8139-CF35F7262A95}" task wurde entsperrt. <===== ACHTUNG
"{48E4EF46-2962-499E-B496-FD87DEFA9D4D}" task wurde entsperrt. <===== ACHTUNG
"{4A944005-EAD7-4E3D-A0CB-E36A03948234}" task wurde entsperrt. <===== ACHTUNG
"{4ADD02F8-8A80-4037-93AF-01F0D391A8D4}" task wurde entsperrt. <===== ACHTUNG
"{4BC5D02D-368A-405A-B471-F9CAB6666731}" task wurde entsperrt. <===== ACHTUNG
"{4C5A8A03-2384-464F-AEAA-F58928D854D8}" task wurde entsperrt. <===== ACHTUNG
"{4E3CB8C2-8A0C-4570-A32E-7319C6E8E432}" task wurde entsperrt. <===== ACHTUNG
"{4E4954A6-C22F-4537-87FE-9A696B7BF9C4}" task wurde entsperrt. <===== ACHTUNG
Task: {4F117C79-2706-4FBF-A748-C0259F51CEFA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-09-04] (Acer Incorporated)
"{511CB694-F6BB-49BA-AC20-E2916B05BD90}" task wurde entsperrt. <===== ACHTUNG
"{52362630-34B3-46AA-8508-9857D8B13B4F}" task wurde entsperrt. <===== ACHTUNG
"{5587F1DC-15D0-4331-A673-6EF75E5CD9C0}" task wurde entsperrt. <===== ACHTUNG
"{57ED60D2-6B0B-4069-90B4-50B067491212}" task wurde entsperrt. <===== ACHTUNG
"{59CBDFB9-8D90-4443-9AF8-5C3B45220F5E}" task wurde entsperrt. <===== ACHTUNG
"{59CE74C9-886F-4121-8052-508A4B829DC6}" task wurde entsperrt. <===== ACHTUNG
Task: {5A6BA245-17BC-4E96-ABF4-B6C6FC1A20B1} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
"{5B4C02FF-5C7C-42FB-877E-4F57C6198A71}" task wurde entsperrt. <===== ACHTUNG
"{5E8CC375-A631-401B-A83D-65F729771F42}" task wurde entsperrt. <===== ACHTUNG
Task: {5F42BC55-0519-41BD-A50A-324BAA22AEB5} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
"{61E97BCB-528E-4B3C-A43A-CDFC978E48E7}" task wurde entsperrt. <===== ACHTUNG
"{62C6204C-B449-4C2C-B915-D8E513C8D2DC}" task wurde entsperrt. <===== ACHTUNG
Task: {6453D384-14C0-4ECA-929F-5CA5BF96C252} - System32\Tasks\ZhangWoZheC12-TaskPlan => C:\Program Files\ZELOTES MOUSE (C-12)\ZELOTES(C-12).exe [2015-08-03] (Shenzhen Master Electronic Technology Co., Ltd.)
Task: {64C2DCE7-706C-46B5-9E69-23CED5D6BB3B} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
"{64EFDCE4-067E-45AD-80B7-9ACADBA7145A}" task wurde entsperrt. <===== ACHTUNG
"{669B944E-926D-4382-AB83-710022AE3EA2}" task wurde entsperrt. <===== ACHTUNG
"{66FE0026-8E27-493D-BED2-EF4ACF50814C}" task wurde entsperrt. <===== ACHTUNG
"{679EB820-C80C-4B8C-81EB-D3B5A83C3BF3}" task wurde entsperrt. <===== ACHTUNG
"{697E18DD-943C-470A-B9E3-6E5DDCB42D05}" task wurde entsperrt. <===== ACHTUNG
Task: {6A1AECEC-0766-473B-AE79-EAAA31DE758F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {6A250F7B-4F8A-4FEA-8CAE-31F28DA85202} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-10] ()
"{6B0D6754-588A-4B5C-95F7-7F39A9780F7E}" task wurde entsperrt. <===== ACHTUNG
"{6B696BCF-C866-41CA-B4E4-3D19FB1E9250}" task wurde entsperrt. <===== ACHTUNG
"{6BA02DD2-FC59-4F60-9427-42EA1A59DDE1}" task wurde entsperrt. <===== ACHTUNG
Task: {6BEE4BC9-04AC-425A-BA59-90FFD7149FA4} - System32\Tasks\{A586A34D-4734-4CE2-B202-318FB2B878E2} => pcalua.exe -a E:\SETUP.EXE -d E:\
"{6CBA2464-1DAD-4F1D-919F-4E6DFC499277}" task wurde entsperrt. <===== ACHTUNG
"{6D88DE84-0813-4C51-99FC-12A9A98DD1D9}" task wurde entsperrt. <===== ACHTUNG
"{70CF17D8-ACB3-4DBF-B283-6A71C9BF3D0E}" task wurde entsperrt. <===== ACHTUNG
"{71E53243-3A2D-47EE-9DAB-6D71B2366657}" task wurde entsperrt. <===== ACHTUNG
Task: {72107D7E-C498-43D0-B9B3-F8EADD73AF4B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
"{73F84A2E-E267-44CD-AE43-26F5FADC07BC}" task wurde entsperrt. <===== ACHTUNG
"{7464E64D-F916-44C4-8B4D-8285C95325A1}" task wurde entsperrt. <===== ACHTUNG
Task: {74D305A2-A1EE-4F14-871E-62042546112B} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
"{7506EE3F-10D4-4FCF-9DDD-77B8FF1182D4}" task wurde entsperrt. <===== ACHTUNG
"{75336275-E3E0-4BC0-B373-3CFB8C1E4130}" task wurde entsperrt. <===== ACHTUNG
"{75EEC801-5298-41FE-BD51-F07E4178CA3E}" task wurde entsperrt. <===== ACHTUNG
Task: {78DFDCB9-D748-4EA9-875E-7A0E605A808E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
"{7A6FA6EC-ED66-42B8-B9D7-06523FB6E039}" task wurde entsperrt. <===== ACHTUNG
"{7AE1BCAC-061D-4672-BACB-88BC74CE1D7A}" task wurde entsperrt. <===== ACHTUNG
"{7BC12C89-A012-46EA-B9EB-052EB5CD4326}" task wurde entsperrt. <===== ACHTUNG
"{7BD8F44E-530D-41CF-B1D0-B9BB0B0C1C73}" task wurde entsperrt. <===== ACHTUNG
"{7F64EAF9-FFE6-49DB-90DD-80D2B8774614}" task wurde entsperrt. <===== ACHTUNG
"{7FAF6FA5-8557-4C4D-9206-7460555EAB06}" task wurde entsperrt. <===== ACHTUNG
"{830038A6-9046-42E5-B03C-1455E6BDFBAF}" task wurde entsperrt. <===== ACHTUNG
"{84E4A8CF-CE13-47C4-ABC1-BC5DD42C6C83}" task wurde entsperrt. <===== ACHTUNG
"{860F596C-A1D8-4651-B747-D134041D80AD}" task wurde entsperrt. <===== ACHTUNG
"{8865CC07-3C24-475C-896D-8ABA96F2471A}" task wurde entsperrt. <===== ACHTUNG
"{90D79106-3D12-40AF-A9BA-231F2327770C}" task wurde entsperrt. <===== ACHTUNG
"{94582C27-CA52-4593-9A48-A317C4D361E3}" task wurde entsperrt. <===== ACHTUNG
"{955E8D5B-0718-411A-9D8F-83454788272B}" task wurde entsperrt. <===== ACHTUNG
"{97601E9E-9C9C-415D-B81D-9F86ACA7CDC5}" task wurde entsperrt. <===== ACHTUNG
"{9A58602B-2D48-4E55-BA94-672A29521C76}" task wurde entsperrt. <===== ACHTUNG
"{9B3A6CD7-4CDE-4432-BE99-B316D2296C86}" task wurde entsperrt. <===== ACHTUNG
"{9FFB29C5-38ED-47CB-B89B-EA84708EBA65}" task wurde entsperrt. <===== ACHTUNG
"{A483A62A-BEE2-43EF-B43D-C4B6555D6F1E}" task wurde entsperrt. <===== ACHTUNG
"{A4D1B478-9D9D-489F-98BF-846F21D1EA6C}" task wurde entsperrt. <===== ACHTUNG
Task: {A6855426-A3BC-4213-953A-376210D25D56} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-02-03] ()
"{A6D9FF76-0705-4B3D-9D8E-0BB183A7D3E9}" task wurde entsperrt. <===== ACHTUNG
"{AE229047-6634-45F4-A0F4-6A9522659F2D}" task wurde entsperrt. <===== ACHTUNG
"{AF8621E4-DD0A-4E22-AEBD-D252114A7D89}" task wurde entsperrt. <===== ACHTUNG
"{AFD4A8A3-508B-4785-8271-CDEBAEED3F46}" task wurde entsperrt. <===== ACHTUNG
Task: {B3DBB9A5-4D78-48BC-AB9A-3A8E2D07CC7F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
"{B3DD4C81-C4AC-4263-806F-E5B540C1B26A}" task wurde entsperrt. <===== ACHTUNG
"{B4A5B97B-E0F1-4984-ADA4-432088751E1B}" task wurde entsperrt. <===== ACHTUNG
"{BA3388B9-C9D3-47A9-A9B5-E79B50DD0270}" task wurde entsperrt. <===== ACHTUNG
Task: {BB54BA6C-5DD8-4F70-A161-46492DE54740} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-04-18] (Acer Incorporated)
"{BB94B31D-4FE5-42FB-A144-A393F6C54A6F}" task wurde entsperrt. <===== ACHTUNG
"{BD62F7BB-7242-4904-A8A8-4E358ED75D6B}" task wurde entsperrt. <===== ACHTUNG
"{BF589992-F6BB-4FFC-8766-FB138C7DE18D}" task wurde entsperrt. <===== ACHTUNG
"{C0A4DF9B-B00D-4626-8994-BF17C88860B0}" task wurde entsperrt. <===== ACHTUNG
Task: {C1A2D393-4F8E-4843-9BBB-D95607425981} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-09-04] (Acer Incorporated)
"{C1E1F555-5EEC-4D6B-98FB-9934616F00E9}" task wurde entsperrt. <===== ACHTUNG
"{C349BB67-3672-4975-AE02-517BAD9318EE}" task wurde entsperrt. <===== ACHTUNG
"{C4E89737-E6D8-4D86-B15E-50A93654BBC1}" task wurde entsperrt. <===== ACHTUNG
"{C7752DC6-148D-4AB0-93E1-D84AEB7AA014}" task wurde entsperrt. <===== ACHTUNG
"{C881A742-1A15-4EAC-96B9-9C6EA38AC7FA}" task wurde entsperrt. <===== ACHTUNG
"{C8DB9D2B-AB0A-4D3F-8409-427C806748D6}" task wurde entsperrt. <===== ACHTUNG
Task: {C9442A58-253C-40E7-9B5D-B0528B3D79E3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2111153517-3428240612-1731616733-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
"{CA1E905A-B064-48AF-9F06-68C7E71498B9}" task wurde entsperrt. <===== ACHTUNG
"{CA4BE44E-107E-4B2D-91AF-FC3B077B02FC}" task wurde entsperrt. <===== ACHTUNG
"{CC8236FF-A055-4083-A37E-D0F85E135DE3}" task wurde entsperrt. <===== ACHTUNG
Task: {CD7CA8C2-ACFB-4248-8AFB-43F023244AD6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2111153517-3428240612-1731616733-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
"{CFC77F13-E27C-4C44-8D9B-CB2163D27C89}" task wurde entsperrt. <===== ACHTUNG
"{D7F0F250-0978-4FFA-BA28-A14C0AB462FF}" task wurde entsperrt. <===== ACHTUNG
"{DAAFAEC3-BC03-44D7-A77D-05760FE578AD}" task wurde entsperrt. <===== ACHTUNG
"{DB458018-DEBA-4577-AB8B-EA1506110FB8}" task wurde entsperrt. <===== ACHTUNG
"{DE9EF05D-D131-41FC-87C9-ABF449872934}" task wurde entsperrt. <===== ACHTUNG
"{E03596C8-B2A4-4553-B379-B678F0EBCA95}" task wurde entsperrt. <===== ACHTUNG
"{E15B0834-C96C-40E1-8995-12FE38D52648}" task wurde entsperrt. <===== ACHTUNG
"{E506F4C9-20BB-40AE-AD65-2304E5EF9B80}" task wurde entsperrt. <===== ACHTUNG
"{E5217668-D921-4907-8CE1-276EABA44515}" task wurde entsperrt. <===== ACHTUNG
"{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" task wurde entsperrt. <===== ACHTUNG
"{E7D61507-58B7-44DC-8D1E-932F96FC2D62}" task wurde entsperrt. <===== ACHTUNG
"{EA5D5FA7-79F4-4BC8-8C91-CA1A24F86527}" task wurde entsperrt. <===== ACHTUNG
"{EC59CC4E-A8CB-476D-8421-92558446E9A3}" task wurde entsperrt. <===== ACHTUNG
"{EF3EC7C4-1CB5-43F1-A074-D1D74BB07D7A}" task wurde entsperrt. <===== ACHTUNG
"{EFB2C913-BFA0-4FB9-8130-48BEE6BD1B12}" task wurde entsperrt. <===== ACHTUNG
Task: {EFCCC435-3590-491C-BD58-9DE55FAFB230} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2111153517-3428240612-1731616733-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNetworks, Inc.)
"{F120A436-C215-4927-87AA-934387AF5782}" task wurde entsperrt. <===== ACHTUNG
"{F2341244-5F02-41C5-BA40-4FBADCD67206}" task wurde entsperrt. <===== ACHTUNG
"{F35162BA-CDE7-4746-A368-D590640A3FA9}" task wurde entsperrt. <===== ACHTUNG
"{F4BF89A9-8488-4988-B163-F7F0341D521B}" task wurde entsperrt. <===== ACHTUNG
Task: {F51818C6-4B1C-4F4C-9549-AB22A6598207} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
"{F6734075-627C-47CE-918F-B51866D629BB}" task wurde entsperrt. <===== ACHTUNG
"{F775C69D-FE09-4105-8F98-5DC6D956FA4E}" task wurde entsperrt. <===== ACHTUNG
"{F98BB314-575B-453F-A9F9-A13B9D088426}" task wurde entsperrt. <===== ACHTUNG
"{F98C81FF-D786-4067-AAFB-D67F2BA8542A}" task wurde entsperrt. <===== ACHTUNG
"{FA625267-66E0-464A-AE95-8754007E78AD}" task wurde entsperrt. <===== ACHTUNG
"{FB1868EE-5CA8-4DE9-A8B1-6171EB0EDB5A}" task wurde entsperrt. <===== ACHTUNG
"{FC52F032-45F0-4B04-99DA-5A5F43CB0392}" task wurde entsperrt. <===== ACHTUNG
"{FC5681F1-C930-414C-8049-16F7B32D0FEF}" task wurde entsperrt. <===== ACHTUNG
"{FEF85651-4DD3-461C-AB7B-44FC3276E219}" task wurde entsperrt. <===== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-17 15:55 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-17 17:20 - 2016-04-17 17:20 - 04566016 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\5d25fa294951102ab2493101f5aca75d\Windows.Devices.ni.dll
2016-04-17 17:20 - 2016-04-17 17:20 - 00497664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\a55d1aa8413de7ec76aab7958a344629\Windows.Foundation.ni.dll
2015-09-03 14:48 - 2015-09-03 14:48 - 05570064 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-04-09 16:46 - 2016-03-30 03:21 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-09 16:46 - 2016-03-30 03:21 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-09 16:46 - 2016-03-30 03:21 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-09 16:46 - 2016-03-30 03:22 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-09-15 01:58 - 2015-09-15 01:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-04-17 16:51 - 2016-04-17 16:51 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 17:36 - 2016-04-21 17:36 - 00959176 _____ () C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-08-31 12:56 - 2015-05-08 19:41 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-04-17 16:55 - 2016-04-17 16:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-17 16:51 - 2016-04-17 16:51 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-09 16:46 - 2016-03-30 03:21 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-09 16:46 - 2016-03-30 03:21 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-09 16:46 - 2016-03-30 03:22 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-09 16:46 - 2016-03-30 03:22 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-09 16:46 - 2016-03-30 03:20 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-09 16:46 - 2016-03-30 03:20 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-06-16 04:53 - 2015-06-16 04:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-03-29 21:30 - 2016-03-29 07:32 - 00075264 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-04-17 16:55 - 2016-04-17 16:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-17 16:55 - 2016-04-17 16:56 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-29 05:40 - 2016-03-30 03:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-21 17:36 - 2016-04-21 17:36 - 00679624 _____ () C:\Users\Kathrin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2015-08-07 02:09 - 2015-08-07 02:09 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\acer01.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: Amazon 1Button App Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: CLKMSVC10_99E320F5 => 2
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RealTimes Desktop Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Photo Express Calendar Checker SE.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Quick Pick.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-2111153517-3428240612-1731616733-1001\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D7F8FD19-361F-4EFF-8C7C-E09A09689D9A}] => (Allow) D:\Programme\NFSR\Need for Speed(TM) Rivals\NFS14.exe
FirewallRules: [{DB2FB8A6-DB08-4A24-A333-FB556BF6DA37}] => (Allow) D:\Programme\NFSR\Need for Speed(TM) Rivals\NFS14.exe
FirewallRules: [{9C821721-E5AE-45B3-BB0E-8FBF40D24169}] => (Allow) D:\Programme\NFSR\Need for Speed(TM) Rivals\NFS14_x86.exe
FirewallRules: [{168E7C62-E7AD-4E38-AB3B-B5F7C958A3A9}] => (Allow) D:\Programme\NFSR\Need for Speed(TM) Rivals\NFS14_x86.exe
FirewallRules: [{7E9988FF-982C-42F7-9899-DB42A8D31D04}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{56A0FC0D-5786-4EB7-A7BC-29041DF1B54D}] => (Allow) C:\Program Files (x86)\Nero\KM\MediaHome.exe
FirewallRules: [{501FD0EE-9793-4501-84C6-03748D4D6B8C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{50EAD749-8B9E-4133-AE06-773D5C2C6408}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{1C099AF7-6C6A-4148-B3AE-CB515EA50091}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{6EFA02B6-F438-440A-80F1-30A780FA9A62}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FB6463A4-7CA8-4F31-A965-5285E6B44B63}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{649A575D-7524-401F-9882-784A197BE0DD}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{55829A5E-8069-4435-96AA-D01ECD7DD84D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F8FF2EDA-A71F-4DC8-95FF-1A2FB706FCFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{235F03A9-0179-4C06-9E00-D271D8CC4B4B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DD370A20-BF88-45F1-BD9B-8E99D97B023A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A0826ACF-269F-4E95-912D-8DC28B7415C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1139FE35-986E-4E61-9DB8-80644B5B1621}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F0EA1D65-612E-4CB6-8F2E-E83F258E3941}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{54851D17-8042-4A84-BBFF-6036D8A61AE0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{9E867FF9-D73B-40D4-8D32-9B8D58F96E52}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{93464C45-9D34-475A-AD52-C51B2C7AFC16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{765F7C97-BCF5-456F-84AE-D72C88139E7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF5E6496-87CC-4193-8348-07216D7CDF29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{773346A4-7AD1-4F53-8C8A-C59E7DA50D01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C953F4B2-C5F5-47B5-8FB2-6BCDAEAF47FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D5EC7592-83C5-48A8-BDA5-863C4E1F28AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CD3E1DBA-2BB3-4D14-9E44-035113800A34}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BA76611A-53EA-4E98-9240-01D77C34D7E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{9374E55F-F31F-454E-8D92-4D68414A5ACB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{05EBF720-9C08-4032-9F83-DDB35AB3D67E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D1449E72-5288-4FF3-88B1-34F6AC527BFF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{153D9351-68F9-4CE6-AE66-5419EB374260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{227DE642-B4A4-40DB-B65D-741AF59B20FE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{DA225F5C-C571-418A-9132-30223D45C585}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC66F07E-D889-4415-B8A1-E44240D1B3D0}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{CA80CFF3-9AE3-4D07-9827-80A64BF607AA}] => (Allow) C:\Users\Kathrin\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{00861CF1-6486-4368-A463-2A54C21AD108}] => (Allow) C:\Users\Kathrin\AppData\Local\Temp\MPCOnline\MPCDownload.exe

==================== Wiederherstellungspunkte =========================

11-05-2016 12:03:31 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/11/2016 02:45:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:45:00Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:44:30 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:44:30Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:44:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:44:00Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:43:30 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:43:30Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:43:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:43:00Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:42:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: Cortana.BackgroundTask.dll, Version: 0.0.0.0, Zeitstempel: 0x56ff3588
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000046ab5
ID des fehlerhaften Prozesses: 0x1430
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (05/11/2016 02:42:30 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:42:30Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:42:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:42:00Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:41:30 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:41:30Z. Fehlercode: 0x80070005.

Error: (05/11/2016 02:41:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-04-17T12:41:00Z. Fehlercode: 0x80070005.


Systemfehler:
=============
Error: (05/11/2016 02:45:04 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:45:04 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:45:04 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:44:57 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:44:31 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:44:31 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:44:30 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:44:16 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:44:03 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar

Error: (05/11/2016 02:43:49 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-6F6KLGRQ)
Description: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding740{9AA46009-3CE0-458A-A354-715610A075E6}Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2016-05-10 19:54:05.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:54:05.821
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:54:05.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:53:25.241
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:53:25.223
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:53:25.211
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:53:22.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.10240.16431_none_510c5232f65d3fa4\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:53:22.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.10240.16431_none_510c5232f65d3fa4\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:53:22.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.10240.16431_none_510c5232f65d3fa4\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-10 19:52:54.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\WinSxS\wow64_microsoft-windows-edp-audit_31bf3856ad364e35_10.0.10240.16384_none_7777f253b03d948e\edpauditapi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 16296.78 MB
Verfügbarer physikalischer RAM: 12350.37 MB
Summe virtueller Speicher: 18728.78 MB
Verfügbarer virtueller Speicher: 15012.32 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:237.87 GB) (Free:148.06 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:917.98 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F438BC24)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F438BC36)

Partition: GPT.

==================== Ende von Addition.txt ============================

Ich hoffe das hilft erst mal weiter

Bis dann Manu

cosinus · 12.05.2016, 07:24

Log von ESET fehlt

manu1909 · 12.05.2016, 09:57

Hallo Cosinus,
ich hab die ESET Logdatei gefunden:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=082bd71720985d4abe5203d6fe8f774e
# end=init
# utc_time=2016-05-11 01:17:21
# local_time=2016-05-11 03:17:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29439
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=082bd71720985d4abe5203d6fe8f774e
# end=updated
# utc_time=2016-05-11 01:22:47
# local_time=2016-05-11 03:22:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=082bd71720985d4abe5203d6fe8f774e
# engine=29439
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-11 02:02:02
# local_time=2016-05-11 04:02:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 5114 6826645 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2951498 16789465 0 0
# scanned=404849
# found=0
# cleaned=0
# scan_time=2354
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=082bd71720985d4abe5203d6fe8f774e
# end=init
# utc_time=2016-05-12 08:03:22
# local_time=2016-05-12 10:03:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29447
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=082bd71720985d4abe5203d6fe8f774e
# end=updated
# utc_time=2016-05-12 08:04:08
# local_time=2016-05-12 10:04:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT

Diese Web-Seiten öffnen sich in viertel Stunden Abstand:

ads01-atmgroup.rhcloud.com
algocashmaster.net
bet-at-home.com/de/landingpage/sportfirst/3?random=1eb4f3cfac
424xdyfnasy.tech/3gib4ml/frey/585/17546/67o

Ich habe für Mozilla "Addblock plus" installiert.
Ich habe keine Toolbars, keine Suchmaschinen und bis auf "Shockwave flash" keine aktivierten Add-ons.

Viele Grüße

Manu

cosinus · 12.05.2016, 12:54

Das Log bringt so nix. Du hast geschrieben, ESET hätte Funde gehabt, ist im Log aber nix von zu sehen

manu1909 · 12.05.2016, 12:58

ESET hat einen Fund gehabt und sofort gelöscht. Danach habe ich ESET erneut durchlaufen lassen. Die Logdatei ist vermutlich von dem 2. Scan.
Eine andere hab ich nicht mehr.

Auf jeden Fall bin ich aktuell noch infiziert. Irgendein Scanner muß doch was finden ?!

Grüße

Manu

cosinus · 12.05.2016, 13:03

Bitte Avira deinstallieren. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Gib Bescheid wenn Avira weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!

manu1909 · 12.05.2016, 13:08

Avira ist weg.

cosinus · 12.05.2016, 13:08

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

manu1909 · 12.05.2016, 13:21

Alles klar, Scan läuft.
Ich mach jetzt alles andere aus und melde mich mit dem Ergebnis.

Der Scan ging schneller als ich dachte. Hier die Logdatei

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.212.10586.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 17088413696, free: 14862286848

Downloaded database version: v2016.05.12.04
Downloaded database version: v2016.05.06.01
Downloaded database version: v2016.05.11.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     05/12/2016 14:12:02
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\NBVolUp.sys
\SystemRoot\system32\DRIVERS\NBVol.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\drivers\Qcamain10x64.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\IntcAudioBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\LMDriver.sys
\SystemRoot\System32\drivers\RadioShim.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\IntcOED.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\system32\DRIVERS\IntcDMic.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\system32\DRIVERS\SynRMIHID.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\system32\DRIVERS\BTHUSB.sys
\SystemRoot\system32\DRIVERS\bthport.sys
\SystemRoot\system32\Drivers\RtsUer.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.05.12.04
  rootkit: v2016.05.06.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000fd185060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000fd0b2870, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000fd185060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000fcf08e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000fcf04060, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F438BC24

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2566382319
    GPT Header CurrentLba = 1 BackupLba 500118191
    GPT Header FirstUsableLba 34  LastUsableLba 500118158
    GPT Header Guid 10df0de0-ebd1-4a57-b9d2-e6d5c18d5be7
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2566382319
    Backup GPT header CurrentLba = 500118191 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 500118158
    Backup GPT header Guid 10df0de0-ebd1-4a57-b9d2-e6d5c18d5be7
    Backup GPT header Contains 128 partition entries starting at LBA 500118159
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID e696c50b-b09a-4903-bc14-266093707c0
    FirstLBA 2048  Last LBA 206847
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ce7ac280-f650-41e1-9254-fb50aeeb9855
    FirstLBA 206848  Last LBA 239615
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f736d6f9-e925-4c72-b586-855db86dadfb
    FirstLBA 239616  Last LBA 499093503
    Attributes 0
    Partition Name                 Basic data partition

    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e1e6eb5a-c09e-43ce-b7c9-3bf06a504a8d
    FirstLBA 499093504  Last LBA 500117503
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe000fd184060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000fd0b0b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000fd184060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000fcf07390, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000fcf02060, DeviceName: \Device\00000039\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F438BC36

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1573548300
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid f283071e-5dd0-401c-8373-416fd1534e55
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1573548300
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid f283071e-5dd0-401c-8373-416fd1534e55
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b4676464-f1c9-4619-86c9-3cabab23ecd
    FirstLBA 2048  Last LBA 1953523711
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efswrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MrmCoreR.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\biwinrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THREADPOOLWINRT.DLL" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\timeout.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\unsecapp.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wer.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cabinet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\loadperf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SensApi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched20.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\53659adf088ea34465ba7148e260c847\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\13a04e6416bbbaaca12da6cbcad76c68\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c98bae6a53cf6b2bc173eb3db974af06\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f23d9459e7fdce36221187ea675fc624\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\6562ef16de0b9951d9ee834026fdc7a5\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\da69f2d0cab254ee15b8fbf55286111d\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\206e48e6105b08574bb8e821ef9a6b4a\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\21709e6e2d2b139a920a46d9caa86473\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\1e5082b2115e78ad728a5b16fb0fe0a5\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\4e88b96ea67f9c2accde6a76d15a056f\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c00eb17fbfcf6f27038aa9fce18faf0f\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\7843c75dd8c3e8656edb1be5feeecf52\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\52355744b3fdfdca37ba808ceff7beee\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d2d1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.drv" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\midimap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d10_1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3D10_1CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\evr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSAUDDECMFT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\quartz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qasf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MP3DMOD.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dui70.dll" is sparse (flags = 32768)
File "C:\Windows\System32\duser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.GLOBALIZATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GLOBINPUTHOST.DLL" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.SEARCH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntlanman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DLNASHEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PLAYTODEVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVDISPITEMPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICEAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UPDATEPOLICY.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mshtml.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\jscript9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3D10WARP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxtrans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ddrawex.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxtmsft.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIADAP.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AGP440.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthpan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbvideo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GAGP30KX.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ioqos.sys" is sparse (flags = 32768)
File "C:\Windows\System32\IEETWCOLLECTOR.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NV_AGP.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UAGP35.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ULIAGPKX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wpcfltr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WCSPLUGINSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WSSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Users\Kathrin\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished

cosinus · 12.05.2016, 13:33

Bitte poste doch das richtige Log...

manu1909 · 12.05.2016, 13:40

Du kannst mich totschlagen, aber das ist erstens die einzige Logdatei im mbar-Ordner
und zweitens gibt es in dem Ordner keine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) !

12.05.2016, 07:24	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MOZILLA ÖFFNET SELBSTÄNDIG WERBESEITE(n) am liebsten "ads01-atmgroup.rhcloud.com" Log von ESET fehlt __________________ --> MOZILLA ÖFFNET SELBSTÄNDIG WERBESEITE(n) am liebsten "ads01-atmgroup.rhcloud.com"

12.05.2016, 12:54	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MOZILLA ÖFFNET SELBSTÄNDIG WERBESEITE(n) am liebsten "ads01-atmgroup.rhcloud.com" Das Log bringt so nix. Du hast geschrieben, ESET hätte Funde gehabt, ist im Log aber nix von zu sehen __________________ Logfiles bitte immer in CODE-Tags posten

12.05.2016, 13:33	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MOZILLA ÖFFNET SELBSTÄNDIG WERBESEITE(n) am liebsten "ads01-atmgroup.rhcloud.com" Bitte poste doch das richtige Log... __________________ Logfiles bitte immer in CODE-Tags posten

MOZILLA ÖFFNET SELBSTÄNDIG WERBESEITE(n) am liebsten "ads01-atmgroup.rhcloud.com"

Plagegeister aller Art und deren Bekämpfung: MOZILLA ÖFFNET SELBSTÄNDIG WERBESEITE(n) am liebsten "ads01-atmgroup.rhcloud.com"