Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan:Win32/Xadupi (https://www.trojaner-board.de/179353-trojan-win32-xadupi.html)

Caroblue 07.06.2016 10:35
Trojan:Win32/Xadupi
 
Schönen guten Tag,
ich habe gestern festgestellt, dass mein Kaspersky nicht mehr Funktioniert.
Daraufhin habe ich den Windows Schutz aktiviert und ein Scan laufen lassen.
Dort wurde dann der Trojaner Win32/Xadupi gefunden.
Ich habe diesen dann entfernen lassen.
Ich habe auch Kaspersky deinstalliert und neu Installiert, da kam dann die Fehlermeldung "Interner Fehler 2771" daraufhin holte ich ein Clean Programm von Kaspersky, da die Fehlermeldung besagte, dass Kaspersky nicht komplett deinstalliert sei.
So weit so gut, dann Installierte ich wieder Kaspersky aber es öffnet nur das Fenster "Programm wird gestartet" und nichts passiert.
Dann lies ich nochmal den Windows defender laufen und er meldet wieder 2 Probleme
1. Trojan:Win32/Xadupi
2. Software Bundler: Win32/Bervisec

Nun bin ich am Ende und hoffe das Ihr mir helfen könnt.:crazy:

burningice 07.06.2016 11:26
:hallo:
Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen.

Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:
  • Bitte lies meine Posts komplett durch bevor du sie abarbeitest
  • Wenn ein Problem auftauchen sollte oder dir etwas unklar ist, unterbreche deine Arbeit und beschreibe es so genau wie möglich.
  • Bitte kein Crossposting
  • Installiere oder Deinstalliere keine Software ohne Aufforderung
  • Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus
  • Bitte antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
  • Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen
  • Wichtig: Nur weil dein Problem mit einem Schritt plötzlich behoben ist, bedeutet das nicht, dass dein PC auch sauber ist. Mache solange weiter, bis ich dir sage, dass dein PC "clean" ist
  • Wenn ich dir nicht binnen 36h antworte, sende mir bitte eine persönliche Nachricht!
Los geht's :abklatsch:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Caroblue 07.06.2016 12:12
dieses Farbar's Recovery Scan Tool ist das von Pconverter?
Sorry aber ich bin jetzt etwas vorsichtig mit dem runterladen


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2016
durchgeführt von lucted (Administrator) auf LUCTED-PC (07-06-2016 13:07:27)
Gestartet von C:\Users\lucted\Desktop
Geladene Profile: lucted & DefaultAppPool (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe" "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
() C:\Program Files\3d4c000a04d89a4d691861923d3e00f8\e9742494fa779e0581f6d306d5edf2e8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
konnte nicht auf den Prozess zugreifen -> obexsrv.exe
konnte nicht auf den Prozess zugreifen -> devmonsrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
() C:\Program Files\3d4c000a04d89a4d691861923d3e00f8\6ebedf5d2812a7dc37b6e9cca08c7cfe.exe
() C:\Program Files\3d4c000a04d89a4d691861923d3e00f8\e9742494fa779e0581f6d306d5edf2e8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
() C:\ProgramData\jIxmRfR\protect\protect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{848e4150-98c3-4bc5-8ac9-bd77e8cead6a}: [NameServer] 82.163.142.7 95.211.158.134

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=10&cc=
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF SelectedSearchEngine: nice
FF Homepage: hxxp://www.web.de/
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=04CF7FDFC4A179AD46422513D05566BE&ptid=cos1&ts=AHEpC3YsAHItBE..&v=20160323&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2015-03-05]
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2015-03-05]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\11-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\ask-web-search.xml [2014-06-14]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\piesearch.xml [2016-04-15]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\11-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\ask-web-search.xml [2014-06-14]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-26]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: xRocket Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-05-09] [ist nicht signiert]
FF Extension: LottaDeals - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\@lottadealsun.xpi [2016-02-02]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: GsearchFinder - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: LottaDeals - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@lottadealsun.xpi [2016-02-02]
FF Extension: Gooding Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\gooding-toolbar@gooding.de.xpi [2016-04-09]
FF Extension: PConverter - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\_dzMembers_@www.pconverter.com [2016-06-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b"
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
S2 DeskTop_F; C:\ProgramData\desktopfind\desktop154.exe [236728 2016-03-16] (DeskTopService)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-24] (Elex do Brasil Participações Ltda)
R2 jIxmRfR_protect; C:\ProgramData\jIxmRfR\protect\protect.exe [303016 2016-04-21] ()
S2 jIxmRfR_update; C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe [473000 2016-04-21] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
R2 55844b3475394b0a6d1d222018827763; c:\program files\3d4c000a04d89a4d691861923d3e00f8\e9742494fa779e0581f6d306d5edf2e8.exe [X]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-24] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R4 klkbdflt2; C:\Windows\system32\DRIVERS\klkbdflt2.sys [33456 2015-06-09] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 9bbd853a1cc743e00bcc1b20a5622ae6; system32\DRIVERS\9bbd853a1cc743e00bcc1b20a5622ae6.sys [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-07 13:07 - 2016-06-07 13:08 - 00030321 _____ C:\Users\lucted\Desktop\FRST.txt
2016-06-07 13:07 - 2016-06-07 13:07 - 00000000 ____D C:\FRST
2016-06-07 13:03 - 2016-06-07 13:05 - 02385408 _____ (Farbar) C:\Users\lucted\Desktop\FRST64.exe
2016-06-07 12:27 - 2016-06-07 12:42 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:45 - 2016-06-07 10:45 - 00002196 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-06-07 10:45 - 2016-06-07 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-06-07 10:45 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-06-07 10:44 - 2016-06-07 10:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-06-07 10:43 - 2015-12-08 21:34 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-06-07 10:43 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-06-07 10:43 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-01 08:40 - 2016-06-06 20:26 - 00000000 ____D C:\ProgramData\ywinpy
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Users\lucted\AppData\Roaming\qksee
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf
2016-05-11 10:32 - 2016-05-11 10:32 - 00984352 _____ ( ) C:\Users\lucted\Downloads\JavaSetup(1).exe
2016-05-11 10:27 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 10:27 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 10:27 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 10:27 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 10:27 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 10:27 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 10:27 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 10:27 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 10:27 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 10:27 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 10:27 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 10:27 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 10:27 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 10:27 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 10:27 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 10:27 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 10:27 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 10:27 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 10:27 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 10:27 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 10:27 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 10:27 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 10:27 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 10:27 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 10:27 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 10:27 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 10:27 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 10:26 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 10:26 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 10:26 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 10:26 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 10:26 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 10:26 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 10:26 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 10:26 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 10:26 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 10:26 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 10:26 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 10:26 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 10:26 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 10:26 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 10:26 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 10:26 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 10:26 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 10:26 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 10:26 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 10:26 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 10:26 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 10:26 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 10:26 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 10:26 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 10:26 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 10:26 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 10:26 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 10:26 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 10:26 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 10:26 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 10:26 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 10:26 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 10:26 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 10:26 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 10:26 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 10:26 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 10:26 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 10:26 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 10:26 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 10:26 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 10:26 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 10:26 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 10:26 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 10:26 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 10:26 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 10:26 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 10:26 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 10:26 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 10:26 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 10:26 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 10:26 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 10:26 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 10:26 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 10:26 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 10:26 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 10:25 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 10:25 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 10:25 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 10:25 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 10:25 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 10:25 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 10:25 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 10:25 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 10:25 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 10:25 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 10:25 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 10:25 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 10:25 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 10:25 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 10:25 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 10:25 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 10:25 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 10:25 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 10:25 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 10:25 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 10:25 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 10:25 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 10:25 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 10:25 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 10:25 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 10:25 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 10:25 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 10:25 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 10:25 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 10:25 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 10:25 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 10:25 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 10:25 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 10:25 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 10:25 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 10:25 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 10:25 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 10:25 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 10:25 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 10:25 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 10:25 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 10:25 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 10:25 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 10:25 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 10:25 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 10:25 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-07 12:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-07 12:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 12:31 - 2016-04-21 13:26 - 00014824 _____ C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateUA
2016-06-07 12:31 - 2016-04-21 13:26 - 00014802 _____ C:\WINDOWS\System32\Tasks\jIxmRfRCheckTask
2016-06-07 12:31 - 2016-04-21 13:26 - 00003888 _____ C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateCore
2016-06-07 12:31 - 2016-04-21 13:25 - 00000000 ____D C:\Program Files (x86)\jIxmRfR
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-07 10:57 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-07 10:46 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-07 10:46 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-07 10:45 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-07 10:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-07 10:41 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 10:38 - 2011-12-18 00:08 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-07 10:38 - 2011-12-18 00:08 - 00002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 10:31 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-07 10:31 - 2015-10-03 13:08 - 00000496 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-06-07 10:27 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-07 10:27 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-07 07:50 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-06-06 22:15 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-06 22:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-06 21:09 - 2016-04-15 14:40 - 00000000 ____D C:\Program Files (x86)\QQBrowser
2016-06-01 08:40 - 2016-04-15 14:40 - 00009424 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core)
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-24 18:00 - 2015-10-03 13:08 - 00000470 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2016-05-24 08:54 - 2016-04-21 13:26 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 08:42 - 2016-04-21 13:26 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 08:44 - 2015-10-11 14:37 - 00000000 ____D C:\Users\lucted\AppData\Local\Packages
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 10:36 - 2011-12-18 00:08 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 10:36 - 2011-12-18 00:08 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\lucted\AppData\Local\Temp\768db308-080f-47ae-b0fa-78df70620d31.exe
C:\Users\lucted\AppData\Local\Temp\ACLMInstaller.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================
--- --- ---

Caroblue 07.06.2016 12:16
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:06-06-2016
durchgeführt von lucted (2016-06-07 13:09:25)
Gestartet von C:\Users\lucted\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - DNS Unlocker) <==== ACHTUNG
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
Wajam (HKLM-x32\...\3d4c000a04d89a4d691861923d3e00f8) (Version: 1.67.12.16 - Wajam) <==== ACHTUNG
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {38AA2FB8-8B16-40F2-8BCB-03E9CE71BEC6} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe [2016-04-21] () <==== ACHTUNG
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {98AEBF90-5EB1-421C-9E42-26684E7AE786} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe [2016-04-21] () <==== ACHTUNG
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9EA3565B-7083-457F-BA2C-621D696820F8} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B6C0D3A0-A79D-49C8-AF6A-727CCD1839BC} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe [2016-04-21] () <==== ACHTUNG
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-07] ()
Task: {B734A849-9ACF-48C9-884A-AC06215E37B0} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {C0321B77-96D0-43CC-B354-B8D4F1D0D429} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {E176CB0E-448D-419C-8D66-55ACC957272F} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\04CF7FDFC4A179AD46422513D05566BE\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {FFEFB20A-382A-4C14-B8B0-62EB3660DF5E} - \WinTaske -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe  C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic
ShortcutWithArgument: C:\Users\lucted\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-07 10:28 - 2016-06-07 10:28 - 12279808 _____ () c:\program files\3d4c000a04d89a4d691861923d3e00f8\566cb656917de96f4831dcd93d5642d3\kqpzes.dll
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 13:25 - 2016-04-21 11:04 - 00303016 _____ () C:\ProgramData\jIxmRfR\protect\protect.exe
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-04-21 13:26 - 2016-05-24 08:47 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-21 13:26 - 2016-05-24 08:47 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2016-06-07 10:28 - 2016-06-07 10:28 - 19378176 _____ () c:\program files\3d4c000a04d89a4d691861923d3e00f8\566cb656917de96f4831dcd93d5642d3\bnnkah.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 82.163.142.7 - 95.211.158.134
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1889C13E-D3A8-4CEC-8420-4B358562DE90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2300AEA3-0835-4074-A3D5-D0EA56678BB3}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe
FirewallRules: [{71632226-476E-4A69-B5D1-95AC366F6F1C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{50DA791C-302C-414A-8C8F-F23D6885926C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe

==================== Wiederherstellungspunkte =========================

20-05-2016 17:19:06 Windows Update
07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/07/2016 01:06:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/07/2016 12:49:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0xa4c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/07/2016 12:43:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.

Error: (06/07/2016 10:46:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/07/2016 10:46:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/07/2016 10:46:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x1e24
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/07/2016 10:31:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-05-14T08:31:33Z. Fehlercode: 0x80040154.

Error: (06/07/2016 10:29:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: desktop154.exe, Version: 1.0.0.10, Zeitstempel: 0x56e96567
Name des fehlerhaften Moduls: desktop154.exe, Version: 1.0.0.10, Zeitstempel: 0x56e96567
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00013ce7
ID des fehlerhaften Prozesses: 0xadc
Startzeit der fehlerhaften Anwendung: 0xdesktop154.exe0
Pfad der fehlerhaften Anwendung: desktop154.exe1
Pfad des fehlerhaften Moduls: desktop154.exe2
Berichtskennung: desktop154.exe3
Vollständiger Name des fehlerhaften Pakets: desktop154.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: desktop154.exe5

Error: (06/07/2016 10:29:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/07/2016 10:29:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x1aac
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5


Systemfehler:
=============
Error: (06/07/2016 01:06:49 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/07/2016 01:06:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/07/2016 01:06:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/07/2016 12:49:13 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/07/2016 12:49:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/07/2016 12:49:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/07/2016 12:21:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/07/2016 12:21:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.

Error: (06/07/2016 10:46:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Kaspersky Anti-Virus Service 16.0.0" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/07/2016 10:46:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service 16.0.0" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-06-07 12:22:16.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:17:32.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:16:15.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:14.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:14.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:14.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1682.53 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 5510.9 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:574.02 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.11 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================
--- --- ---

burningice 07.06.2016 13:28
Nein ist es nicht - dein PC ist ziemlich versucht aber das bekommen wir wieder hin :daumenhoc:

Schritt: 1
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Caroblue 07.06.2016 14:03
das programm hat 2 sachen gefunden, ich kann es aber nicht kopieren, daher schreibe ich es hier per Hand rein.
1. Hidden file
Service:55844b3475394b0a6d1d222018827763
Suspicious objekt,medium risk
2.Hidden file
Service:9bbd853a1cc743e00bcc1b20a5622ae6
Suspicious objekt,medium risk

unter Laufwerk C finde ich nichts abgespeichertes.

burningice 07.06.2016 15:38
Schritt 1
Lade dir folgendes Programm herunter und installiere es: http://filepony.de/icon/tiny/malware...ti_malware.png Malwarebytes Anti-Malware Hier findest du dazu eine bebilderte Anleitung
  • Klicke auf die Einstellungen / Erkennung und Schutz und setze dabei den Haken bei "Nach Rootkits suchen"
  • Klicke im Anschluss auf Durchsuchen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlaufprotokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Bitte poste in deiner nächsten Antwort also:
  • Logfile von AdwCleaner
  • Logfile von Malwarebytes
  • Frst.txt
  • Addition.txt

Caroblue 08.06.2016 08:45
Code:
# AdwCleaner v5.119 - Bericht erstellt am 08/06/2016 um 09:16:30
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-06-07.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : lucted - LUCTED-PC
# Gestartet von : C:\Users\lucted\Trojaner-Board#\AdwCleaner_5.119.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst gelöscht : iSafeKrnl
[-] Dienst gelöscht : iSafeKrnlBoot
[-] Dienst gelöscht : iSafeKrnlKit
[-] Dienst gelöscht : iSafeKrnlMon
[-] Dienst gelöscht : iSafeKrnlR3
[-] Dienst gelöscht : iSafeNetFilter
[-] Dienst gelöscht : iSafeService
[-] Dienst gelöscht : DeskTop_F
[-] Dienst gelöscht : jIxmRfR_update
[-] Dienst gelöscht : 55844b3475394b0a6d1d222018827763
[-] Dienst gelöscht : 9bbd853a1cc743e00bcc1b20a5622ae6
Code:
***** [ Ordner ] *****

[-] Ordner gelöscht : C:\ProgramData\ParetoLogic
[-] Ordner gelöscht : C:\ProgramData\Partner
[-] Ordner gelöscht : C:\ProgramData\desktopfind
[-] Ordner gelöscht : C:\ProgramData\jIxmRfR
[-] Ordner gelöscht : C:\ProgramData\01e35309-72c5-0
[-] Ordner gelöscht : C:\ProgramData\01e35309-7d47-1
[-] Ordner gelöscht : C:\ProgramData\470d9b99
[-] Ordner gelöscht : C:\ProgramData\awinpa
[-] Ordner gelöscht : C:\ProgramData\cf14cd7d-0655-0
[-] Ordner gelöscht : C:\ProgramData\cf14cd7d-4481-1
[-] Ordner gelöscht : C:\ProgramData\ywinpy
[-] Ordner gelöscht : C:\ProgramData\{03f45a08-412c-1}
[-] Ordner gelöscht : C:\ProgramData\{05ee50c5-412c-0}
[-] Ordner gelöscht : C:\ProgramData\{0b3bcfbf-112c-0}
[-] Ordner gelöscht : C:\ProgramData\{19172eba-012c-1}
[-] Ordner gelöscht : C:\ProgramData\{2c957668-512c-0}
[-] Ordner gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz
[-] Ordner gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Ordner gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Ordner gelöscht : C:\Users\Public\Documents\jIxmRfR
[-] Ordner gelöscht : C:\Program Files (x86)\DNS Unlocker
[-] Ordner gelöscht : C:\Program Files (x86)\DriverWhiz
[#] Ordner gelöscht : C:\Program Files (x86)\Elex-tech
[-] Ordner gelöscht : C:\Program Files (x86)\myfree codec
[-] Ordner gelöscht : C:\Program Files (x86)\QQBrowser
[-] Ordner gelöscht : C:\Program Files (x86)\jIxmRfR
[-] Ordner gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
[-] Ordner gelöscht : C:\Users\lucted\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Ordner gelöscht : C:\Users\lucted\AppData\Local\jIxmRfR
[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\DriverCure
[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\eCyber
[#] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\Elex-tech
[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\ParetoLogic
[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\qksee
[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\WinZiper
[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\PConverter_dz
[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br
[-] Ordner gelöscht : C:\Users\Public\Documents\dmp
Code:
***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\extensions\@lottadealsun.xpi
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\11-suche.xml
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\ask-web-search.xml
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\piesearch.xml
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\@lottadealsun.xpi
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\11-suche.xml
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\ask-web-search.xml
[-] Datei gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\dd1b66d4.xml
[-] Datei gelöscht : C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[-] Datei gelöscht : C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.piesearch.com_0.localstorage
[-] Datei gelöscht : C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.piesearch.com_0.localstorage-journal
[-] Datei gelöscht : C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Datei gelöscht : C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Datei gelöscht : C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
[-] Datei gelöscht : C:\user.js

***** [ DLLs ] *****
Code:
***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****

[-] Geplante Aufgabe gelöscht : paretologic registration3
[-] Geplante Aufgabe gelöscht : paretologic update version3
[-] Geplante Aufgabe gelöscht : ParetoLogic Update Version3 Startup Task
[-] Geplante Aufgabe gelöscht : WinTaske
[-] Geplante Aufgabe gelöscht : Browser Updater Task(Core)

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3d4c000a04d89a4d691861923d3e00f8
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{470d9b99}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.001
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.z
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\uus3url-pl
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Schlüssel gelöscht : HKCU\Software\Browser
Code:
[-] Schlüssel gelöscht : HKCU\Software\DriverWhiz
[-] Schlüssel gelöscht : HKCU\Software\eSupport.com
[-] Schlüssel gelöscht : HKCU\Software\Iminent
[-] Schlüssel gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel gelöscht : HKCU\Software\One System Care
[-] Schlüssel gelöscht : HKCU\Software\ParetoLogic
[-] Schlüssel gelöscht : HKCU\Software\Softonic
[-] Schlüssel gelöscht : HKCU\Software\System Healer
[-] Schlüssel gelöscht : HKCU\Software\WajIEnhance
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Elex-tech
[-] Schlüssel gelöscht : HKLM\SOFTWARE\hdcode
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Iminent
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel gelöscht : HKLM\SOFTWARE\ParetoLogic
[-] Schlüssel gelöscht : HKLM\SOFTWARE\yessearchesSoftware
[-] Schlüssel gelöscht : HKLM\SOFTWARE\qkseeSvc
[-] Schlüssel gelöscht : HKLM\SOFTWARE\qksee
[-] Schlüssel gelöscht : HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Schlüssel gelöscht : HKU\.DEFAULT\Software\Elex-tech
[-] Schlüssel gelöscht : HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Daten wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt : HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab} [NameServer]
[-] Daten wiederhergestellt : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b} [NameServer]
[-] Daten wiederhergestellt : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{848e4150-98c3-4bc5-8ac9-bd77e8cead6a} [NameServer]
[-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[-] Schlüssel gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService

***** [ Internetbrowser ] *****

[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.newtab.url", "hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.alias", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.nicesearches.com/favicon.ico?t=1");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.name", "nice ");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.ref", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.ts", "1462807746");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.type", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.uid", "hitachixhts547575a9e384_j2540054ca75yeca75yex");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("browser.startup.homepage", "hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.admin", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.aflt", "SD");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.cntry", "DE");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.cv", "cv5");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.dspOld", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.hdrMd5", "8DED195CFCADDB4380BFB393F5B9968D");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.hmpg", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.hpOld", "about:home");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.id", "9604b995000000000000ac7289632497");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.instlDay", "15562");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.instlRef", "INF1205T01");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.newTab", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.sg", "az");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic_i.dnsErr", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic_i.hmpg", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic_i.newTab", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic_i.hmpg", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.hpOld", "about:home");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.dspOld", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic_i.dnsErr", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic_i.newTab", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.id", "9604b995000000000000ac7289632497");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.instlDay", "15562");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.aflt", "SD");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.instlRef", "INF1205T01");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js] gelöscht : user_pref("extensions.Softonic.admin", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.newtab.url", "hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.defaultenginename", "yessearches");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=yessearches");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.alias", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.hp", "hxxp://www.yessearches.com/?ts=AHEpC3YsAHItBE..&v=20160323&uid=04CF7FDFC4A179AD46422513D05566BE&ptid=cos1&mode=ffsengext");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.nicesearches.com/favicon.ico?t=1");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.name", "nice ");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.ref", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.sp", "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=cos1&q={searchTerms}&ts=AHEpC3YsAHItBE..&uid=04CF7FDFC4A179AD46422513D05566BE&v=20160323");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.ts", "1462807746");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.type", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.uid", "hitachixhts547575a9e384_j2540054ca75yeca75yex");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.admin", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.aflt", "SD");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.cntry", "DE");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.cv", "cv5");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.dspOld", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.hdrMd5", "8DED195CFCADDB4380BFB393F5B9968D");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.hmpg", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.hpOld", "about:home");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.id", "9604b995000000000000ac7289632497");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.instlDay", "15562");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.instlRef", "INF1205T01");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.newTab", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.sg", "az");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic_i.dnsErr", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic_i.hmpg", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic_i.newTab", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "45.0");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782a3761");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016032609");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1465364506403");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"de\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supp[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.searchHistory", "itunes findet mein ipad nicht mehrrasenmäher benzinOsram bewegungssensorosram duled 8wosram duled 8w 827 e27rasenm&#[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "hxxp://www.yessearches.com/chrome.php?uid=04CF7FDFC4A179AD46422513D05566BE&ptid=cos1&ts=AHEpC3YsAHItBE..&v=20160323&mode=ffexttoolbar&[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\lucted\\\\AppData\\\[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._dzMembers_.lastActivePing", "1465307885318");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "yourGSearchfinder@GSearch.com");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "pconverter@mindspark.com");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("keyword.URL", "hxxp://www.yessearches.com/chrome.php?uid=04CF7FDFC4A179AD46422513D05566BE&ptid=cos1&ts=AHEpC3YsAHItBE..&v=20160323&mode=ffexttoolbar&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic_i.hmpg", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.hpOld", "about:home");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.dspOld", "");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic_i.dnsErr", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic_i.newTab", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1&cc=&q=");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.id", "9604b995000000000000ac7289632497");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.instlDay", "15562");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.46:32:59");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.aflt", "SD");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.instlRef", "INF1205T01");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js] gelöscht : user_pref("extensions.Softonic.admin", false);
[-] [C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : google
[-] [C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gelöscht : hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b
[-] [C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gelöscht : hxxp://www.nicesearches.com?type=hp&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [53695 Bytes] - [08/06/2016 09:16:30]
C:\AdwCleaner\AdwCleaner[S1].txt - [53061 Bytes] - [08/06/2016 09:13:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [53843 Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 08.06.2016 07:53, SYSTEM, LUCTED-PC, Manual, Remediation Database, 2016.2.12.1, 2016.5.25.1,
Update, 08.06.2016 07:53, SYSTEM, LUCTED-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1,
Update, 08.06.2016 07:53, SYSTEM, LUCTED-PC, Manual, IP Database, 2016.2.8.1, 2016.6.7.2,
Update, 08.06.2016 07:53, SYSTEM, LUCTED-PC, Manual, Domain Database, 2016.2.16.8, 2016.6.7.2,
Update, 08.06.2016 07:53, SYSTEM, LUCTED-PC, Manual, Malware Database, 2016.2.16.6, 2016.6.8.2,

(end)
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:06-06-2016
durchgeführt von lucted (2016-06-07 13:09:25)
Gestartet von C:\Users\lucted\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ACHTUNG
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
Wajam (HKLM-x32\...\3d4c000a04d89a4d691861923d3e00f8) (Version: 1.67.12.16 - Wajam) <==== ACHTUNG
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {38AA2FB8-8B16-40F2-8BCB-03E9CE71BEC6} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe [2016-04-21] () <==== ACHTUNG
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {98AEBF90-5EB1-421C-9E42-26684E7AE786} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe [2016-04-21] () <==== ACHTUNG
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9EA3565B-7083-457F-BA2C-621D696820F8} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B6C0D3A0-A79D-49C8-AF6A-727CCD1839BC} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe [2016-04-21] () <==== ACHTUNG
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-07] ()
Task: {B734A849-9ACF-48C9-884A-AC06215E37B0} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {C0321B77-96D0-43CC-B354-B8D4F1D0D429} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {E176CB0E-448D-419C-8D66-55ACC957272F} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\04CF7FDFC4A179AD46422513D05566BE\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {FFEFB20A-382A-4C14-B8B0-62EB3660DF5E} - \WinTaske -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe  C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic
ShortcutWithArgument: C:\Users\lucted\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors) -> --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-07 10:28 - 2016-06-07 10:28 - 12279808 _____ () c:\program files\3d4c000a04d89a4d691861923d3e00f8\566cb656917de96f4831dcd93d5642d3\kqpzes.dll
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 13:25 - 2016-04-21 11:04 - 00303016 _____ () C:\ProgramData\jIxmRfR\protect\protect.exe
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-04-21 13:26 - 2016-05-24 08:47 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-21 13:26 - 2016-05-24 08:47 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2016-06-07 10:28 - 2016-06-07 10:28 - 19378176 _____ () c:\program files\3d4c000a04d89a4d691861923d3e00f8\566cb656917de96f4831dcd93d5642d3\bnnkah.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 82.163.142.7 - 95.211.158.134
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1889C13E-D3A8-4CEC-8420-4B358562DE90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2300AEA3-0835-4074-A3D5-D0EA56678BB3}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe
FirewallRules: [{71632226-476E-4A69-B5D1-95AC366F6F1C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{50DA791C-302C-414A-8C8F-F23D6885926C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe

==================== Wiederherstellungspunkte =========================

20-05-2016 17:19:06 Windows Update
07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/07/2016 01:06:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/07/2016 12:49:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0xa4c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/07/2016 12:43:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.

Error: (06/07/2016 10:46:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/07/2016 10:46:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/07/2016 10:46:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x1e24
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/07/2016 10:31:33 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-05-14T08:31:33Z. Fehlercode: 0x80040154.

Error: (06/07/2016 10:29:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: desktop154.exe, Version: 1.0.0.10, Zeitstempel: 0x56e96567
Name des fehlerhaften Moduls: desktop154.exe, Version: 1.0.0.10, Zeitstempel: 0x56e96567
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00013ce7
ID des fehlerhaften Prozesses: 0xadc
Startzeit der fehlerhaften Anwendung: 0xdesktop154.exe0
Pfad der fehlerhaften Anwendung: desktop154.exe1
Pfad des fehlerhaften Moduls: desktop154.exe2
Berichtskennung: desktop154.exe3
Vollständiger Name des fehlerhaften Pakets: desktop154.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: desktop154.exe5

Error: (06/07/2016 10:29:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/07/2016 10:29:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x1aac
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5


Systemfehler:
=============
Error: (06/07/2016 01:06:49 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/07/2016 01:06:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/07/2016 01:06:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/07/2016 12:49:13 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/07/2016 12:49:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/07/2016 12:49:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/07/2016 12:21:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/07/2016 12:21:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.

Error: (06/07/2016 10:46:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Kaspersky Anti-Virus Service 16.0.0" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/07/2016 10:46:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service 16.0.0" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-06-07 12:22:16.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:17:32.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:16:15.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:14.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:14.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:14.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1682.53 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 5510.9 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:574.02 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.11 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Caroblue 08.06.2016 08:51
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-06-2016
durchgeführt von lucted (2016-06-08 09:48:27)
Gestartet von C:\Users\lucted\Trojaner-Board#
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-08] ()
Task: {BEB05DFD-8F3D-4045-B1A5-BF088E87EF92} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DF49E67D-237B-4E9C-BE76-38CBDCA26153} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-21 13:26 - 2016-05-24 08:47 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2016-04-21 13:26 - 2016-05-24 08:47 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{89C3D9B3-C937-47C6-B68D-4B98A106A023}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{A4F0DB59-7443-437E-9FA6-5308DE692F5C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe
FirewallRules: [{68096047-A42E-4D7A-A3D4-F57FF681E452}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe

==================== Wiederherstellungspunkte =========================

20-05-2016 17:19:06 Windows Update
07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/08/2016 09:33:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x1b30
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/08/2016 09:33:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x1b34
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/08/2016 09:33:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x9c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/08/2016 09:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x940
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/08/2016 09:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0xcb0
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/08/2016 09:30:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iSafeSvc.exe, Version: 4.0.0.1, Zeitstempel: 0x53477040
Name des fehlerhaften Moduls: ipcproxy.dll_unloaded, Version: 5.5.0.1, Zeitstempel: 0x554730ef
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00014b4b
ID des fehlerhaften Prozesses: 0xb0
Startzeit der fehlerhaften Anwendung: 0xiSafeSvc.exe0
Pfad der fehlerhaften Anwendung: iSafeSvc.exe1
Pfad des fehlerhaften Moduls: iSafeSvc.exe2
Berichtskennung: iSafeSvc.exe3
Vollständiger Name des fehlerhaften Pakets: iSafeSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iSafeSvc.exe5

Error: (06/08/2016 09:00:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x74c
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/08/2016 09:00:07 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-05-15T07:00:07Z. Fehlercode: 0x80040154.

Error: (06/08/2016 09:00:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x1f84
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/08/2016 08:59:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5


Systemfehler:
=============
Error: (06/08/2016 09:35:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Protect Service(jIxmRfR_protect)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/08/2016 09:33:49 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Media ServiceNicht verfügbar{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (06/08/2016 09:33:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/08/2016 09:33:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht.

Error: (06/08/2016 09:33:46 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth OBEX ServiceNicht verfügbar{E9E0D51D-F407-4D91-B294-C111F721A3AF}

Error: (06/08/2016 09:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/08/2016 09:33:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (06/08/2016 09:33:45 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/08/2016 09:33:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/08/2016 09:33:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.


CodeIntegrity:
===================================
  Date: 2016-06-08 07:42:33.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-08 07:42:33.107
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 16:31:21.664
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 16:27:00.063
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 12:22:16.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:17:32.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:16:15.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1895.29 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 5816.71 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:573.54 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.11 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Caroblue 08.06.2016 08:58
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016
durchgeführt von lucted (Administrator) auf LUCTED-PC (08-06-2016 09:46:55)
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Alle) =========================

(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Windows\System32\FspService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
konnte nicht auf den Prozess zugreifen -> obexsrv.exe
konnte nicht auf den Prozess zugreifen -> devmonsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Users\lucted\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
(Farbar) C:\Users\lucted\Trojaner-Board#\FRST64.exe

==================== Registry (Alle) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [183216 2015-06-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [411056 2015-06-01] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [453552 2015-06-01] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2015-10-30] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [4515256 2016-04-23] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [4074160 2016-04-23] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 60
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [OneDrive] => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382144 2016-01-06] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  Keine Datei
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2015-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
BootExecute: autocheck autochk *
AlternateShell: cmd.exe

==================== Internet (Alle) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\NLAapi.dll [80896 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [68096 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [87040 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\pnrpnsp.dll [87040 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [31744 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [357216 2015-10-30] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-689365640-92009327-2566536619-1000\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-689365640-92009327-2566536619-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-689365640-92009327-2566536619-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
URLSearchHook: HKU\S-1-5-21-689365640-92009327-2566536619-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-689365640-92009327-2566536619-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-689365640-92009327-2566536619-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-689365640-92009327-2566536619-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {C8248A10-9872-4FE1-9CAB-4F01C176BA4C} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2015-10-30] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2015-10-30] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll [2011-05-14] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2015-10-30] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-23] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll [2011-05-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2015-10-30] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll [2011-05-14] (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [2011-05-14] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2015-10-30] (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2015-10-30] (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2015-10-30] (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - "c:\program files\internet explorer\iexplore.exe"

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.web.de/
FF Keyword.URL: undefined://undefined/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: xRocket Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-05-09] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: GsearchFinder - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: Gooding Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\gooding-toolbar@gooding.de.xpi [2016-04-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-07]
FF HKLM-x32\...\Mozilla Firefox 45.0.1\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => nicht gefunden
FF HKLM-x32\...\Mozilla Firefox 45.0.1\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins => nicht gefunden
FF HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Mozilla Firefox 45.0.1\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => nicht gefunden
FF HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Mozilla Firefox 45.0.1\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins => nicht gefunden
StartMenuInternet: FIREFOX.EXE - "c:\program files (x86)\mozilla firefox\firefox.exe"
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\channel-prefs.js [2015-02-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
StartMenuInternet: Google Chrome - "c:\program files (x86)\google\chrome\application\chrome.exe"

==================== Dienste (Alle) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-05-13] (Adobe Systems Incorporated)
S3 AJRouter; C:\Windows\System32\AJRouter.dll [23040 2015-10-30] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [97792 2015-10-30] (Microsoft Corporation)
R2 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [64512 2016-01-06] (Microsoft Corporation)
R2 AppHostSvc; C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll [56832 2016-01-06] (Microsoft Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [45056 2015-10-30] (Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [94720 2015-10-30] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [504320 2015-10-30] (Microsoft Corporation)
S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [2166784 2016-04-23] (Microsoft Corporation)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51376 2015-10-30] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [275456 2016-02-23] (Microsoft Corporation)
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [1054208 2016-04-02] (Microsoft Corporation)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114176 2015-10-30] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [361472 2016-03-29] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [794112 2016-03-29] (Microsoft Corporation)
R2 BITS; C:\Windows\System32\qmgr.dll [1144320 2015-10-30] (Microsoft Corporation)
S2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [923984 2011-03-30] (Intel Corporation)
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1321296 2011-03-30] (Intel Corporation)
S2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1001808 2011-03-30] (Intel Corporation)
R2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [587776 2016-03-29] (Microsoft Corporation)
R3 Browser; C:\Windows\System32\browser.dll [134656 2016-03-29] (Microsoft Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-10-30] (Microsoft Corporation)
R3 bthserv; C:\Windows\system32\bthserv.dll [91136 2015-10-30] (Microsoft Corporation)
S4 CDPSvc; C:\Windows\System32\CDPSvc.dll [287744 2015-10-30] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [192000 2015-10-30] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
S3 ClipSVC; C:\Windows\System32\ClipSVC.dll [625000 2016-02-24] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [754664 2016-04-23] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [461824 2016-04-23] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [78848 2015-10-30] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [904704 2015-10-30] (Microsoft Corporation)
S3 DcpSvc; C:\Windows\system32\dcpsvc.dll [186880 2015-10-30] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [527872 2015-10-30] (Microsoft Corporation)
R3 DeviceAssociationService; C:\Windows\system32\das.dll [444928 2015-10-30] (Microsoft Corporation)
S3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [111616 2015-10-30] (Microsoft Corporation)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [34304 2015-10-30] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [355840 2015-10-30] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [293888 2015-10-30] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [31744 2015-10-30] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1613664 2016-02-24] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [278016 2015-10-30] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [200192 2015-10-30] (Microsoft Corporation)
S3 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [57856 2015-10-30] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [284672 2016-03-29] (Microsoft Corporation)
R2 DoSvc; C:\Windows\system32\dosvc.dll [1098240 2016-03-29] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [264704 2015-10-30] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [170496 2015-10-30] (Microsoft Corporation)
S3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [205824 2015-10-30] (Microsoft Corporation)
S3 DsSvc; C:\Windows\System32\DsSvc.dll [145408 2016-02-24] (Microsoft Corporation)
S3 Eaphost; C:\Windows\System32\eapsvc.dll [112640 2015-10-30] (Microsoft Corporation)
S3 EFS; C:\Windows\system32\efssvc.dll [60416 2015-10-30] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [111616 2015-10-30] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [313856 2015-10-30] (Microsoft Corporation)
R2 EventLog; C:\Windows\System32\wevtsvc.dll [1743872 2015-10-30] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [473088 2015-10-30] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [345600 2015-10-30] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [651776 2015-10-30] (Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [21504 2015-10-30] (Microsoft Corporation)
R3 FDResPub; C:\Windows\system32\fdrespub.dll [35840 2015-10-30] (Microsoft Corporation)
S3 fhsvc; C:\Windows\system32\fhsvc.dll [118784 2015-10-30] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [1671168 2015-10-30] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2015-10-23] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
S2 gpsvc; C:\Windows\System32\gpsvc.dll [1338368 2015-10-30] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-04] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-04] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-22] (Google)
R3 hidserv; C:\Windows\system32\hidserv.dll [36864 2015-10-30] (Microsoft Corporation)
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [31744 2015-10-30] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [279040 2016-04-23] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [464384 2015-10-30] (Microsoft Corporation)
R3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [381440 2015-10-30] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-09-20] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [162304 2016-01-06] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [117760 2015-10-30] (Microsoft Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [957952 2016-03-29] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [958464 2015-10-30] (Microsoft Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-24] (Elex do Brasil Participações Ltda)
R3 KeyIso; C:\Windows\system32\keyiso.dll [97792 2015-10-30] (Microsoft Corporation)
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2015-10-30] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [378880 2015-10-30] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [283136 2015-10-30] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [274432 2015-10-30] (Microsoft Corporation)
R3 lfsvc; C:\Windows\System32\lfsvc.dll [27136 2015-10-30] (Microsoft Corporation)
R3 lfsvc; C:\WINDOWS\SysWOW64\lfsvc.dll [22528 2015-10-30] (Microsoft Corporation)
S3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [22528 2015-10-30] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [280576 2015-10-30] (Microsoft Corporation)
R3 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2015-10-30] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656 2010-12-28] (Intel Corporation)
R2 LSM; C:\Windows\System32\lsm.dll [729600 2015-10-30] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [72704 2016-04-23] (Microsoft Corporation)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3e5da; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3e5da; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 MessagingService_42eec; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_42eec; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_434a2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_434a2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_45f36; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_45f36; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [146888 2016-03-19] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [870912 2016-04-23] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [147968 2015-10-30] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2015-10-30] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [66048 2015-10-30] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [58368 2015-10-30] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26624 2016-01-06] (Microsoft Corporation)
S3 NcaSvc; C:\Windows\System32\ncasvc.dll [168960 2015-10-30] (Microsoft Corporation)
R3 NcbService; C:\Windows\System32\ncbservice.dll [338432 2016-03-29] (Microsoft Corporation)
R3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [81408 2015-10-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Netlogon; C:\Windows\system32\netlogon.dll [847360 2016-02-23] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [713728 2016-02-23] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [265728 2015-10-30] (Microsoft Corporation)
R2 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-10-30] (Microsoft Corporation)
S2 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-10-30] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofmsvc.dll [547840 2015-10-30] (Microsoft Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [207360 2016-04-23] (Microsoft Corporation)
S2 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-10-30] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-10-30] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [289792 2016-05-06] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [649216 2016-05-06] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [371712 2015-10-30] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [30720 2015-10-30] (Microsoft Corporation)
R2 nvsvc; C:\WINDOWS\system32\nvvsvc.exe [937800 2015-07-23] (NVIDIA Corporation)
R2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1997416 2011-07-25] (NVIDIA Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [342016 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3e5da; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3e5da; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_42eec; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_42eec; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_434a2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_434a2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_45f36; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_45f36; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2014-12-13] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2012-11-22] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [351232 2015-10-30] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [434176 2015-10-30] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [528736 2015-10-30] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2015-10-30] (Microsoft Corporation)
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [749056 2016-01-05] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [252928 2016-02-24] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3e5da; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3e5da; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_42eec; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_42eec; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_434a2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_434a2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_45f36; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_45f36; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1487360 2015-10-30] (Microsoft Corporation)
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537024 2015-10-30] (Microsoft Corporation)
R3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [111616 2015-10-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [27648 2015-10-30] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [351232 2015-10-30] (Microsoft Corporation)
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [390656 2015-10-30] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [113664 2015-10-30] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3337728 2015-10-30] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [328192 2016-03-29] (Microsoft Corporation)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [189728 2010-03-10] (Protexis Inc.)
S3 QWAVE; C:\Windows\system32\qwave.dll [286720 2015-10-30] (Microsoft Corporation)
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [246784 2015-10-30] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [106496 2016-01-16] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [696320 2015-10-30] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [507904 2015-10-30] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [436224 2015-10-30] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [156160 2015-10-30] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [1073152 2016-04-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [79360 2015-10-30] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10752 2015-10-30] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [904704 2015-10-30] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [57912 2015-10-30] (Microsoft Corporation)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [235520 2015-10-30] (Microsoft Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [181760 2015-10-30] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [997376 2016-02-23] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [192000 2015-10-30] (Microsoft Corporation)
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [150528 2015-10-30] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [31232 2016-02-24] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [73216 2015-10-30] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1297408 2015-10-30] (Microsoft Corporation)
S3 SensorService; C:\Windows\system32\SensorService.dll [339968 2016-03-29] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [180224 2015-10-30] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [372736 2015-10-30] (Microsoft Corporation)
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [313344 2015-10-30] (Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [456704 2016-02-23] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [608768 2015-10-30] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [559616 2015-10-30] (Microsoft Corporation)
S3 smphost; C:\Windows\System32\smphost.dll [23552 2015-10-30] (Microsoft Corporation)
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2015-10-30] (Microsoft Corporation)
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [591872 2016-02-23] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [15872 2015-10-30] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 Spooler; C:\Windows\System32\spoolsv.exe [755712 2016-02-23] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [6536248 2015-10-30] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [239616 2015-10-30] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [212480 2015-10-30] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2745856 2015-10-30] (Microsoft Corporation)
R3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [2179584 2015-10-30] (Microsoft Corporation)
R2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472 2011-07-25] (NVIDIA Corporation)
R2 stisvc; C:\Windows\System32\wiaservc.dll [643584 2015-10-30] (Microsoft Corporation)
S3 StorSvc; C:\Windows\system32\storsvc.dll [617984 2016-04-23] (Microsoft Corporation)
S3 svsvc; C:\Windows\system32\svsvc.dll [13824 2015-10-30] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [467456 2015-10-30] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1088512 2015-10-30] (Microsoft Corporation)
R2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [380416 2015-10-30] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [151040 2015-10-30] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [311808 2015-10-30] (Microsoft Corporation)
S3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254976 2015-10-30] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [1033216 2015-10-30] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2015-10-30] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
R2 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [497152 2016-04-23] (Microsoft Corporation)
R3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [163840 2016-02-23] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [115200 2015-10-30] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [121856 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-03-29] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [43008 2015-10-30] (Microsoft Corporation)
S3 UmRdpService; C:\Windows\System32\umrdp.dll [278016 2015-10-30] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1224704 2016-02-24] (Microsoft Corporation)
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [949248 2016-02-24] (Microsoft Corporation)
U3 UnistoreSvc_3e5da; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3e5da; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_42eec; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_42eec; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_434a2; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_434a2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_45f36; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_45f36; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2010-12-28] (Intel Corporation)
R3 upnphost; C:\Windows\System32\upnphost.dll [452608 2015-10-30] (Microsoft Corporation)
R3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [329216 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1490432 2016-02-24] (Microsoft Corporation)
U3 UserDataSvc_3e5da; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3e5da; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_42eec; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_42eec; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_434a2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_434a2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_45f36; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_45f36; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [912384 2016-01-05] (Microsoft Corporation)
S3 UsoSvc; C:\Windows\system32\usocore.dll [360960 2015-10-30] (Microsoft Corporation)
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [360448 2016-02-24] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [667136 2015-10-30] (Microsoft Corporation)
S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicshutdown; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmictimesync; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1465344 2015-10-30] (Microsoft Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 W32Time; C:\Windows\system32\w32time.dll [526848 2015-10-30] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2016-01-06] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2016-01-06] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [579072 2016-01-06] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [504320 2016-01-06] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [497664 2015-10-30] (Microsoft Corporation)
R3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [579072 2016-01-06] (Microsoft Corporation)
R3 WAS; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [504320 2016-01-06] (Microsoft Corporation)
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
S3 wbengine; C:\Windows\system32\wbengine.exe [1570816 2015-10-30] (Microsoft Corporation)
S2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [621568 2016-01-16] (Microsoft Corporation)
R2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [606720 2016-04-23] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [471040 2015-10-30] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43008 2015-10-30] (Microsoft Corporation)
S3 WcsPlugInService; C:\WINDOWS\SysWOW64\WcsPlugInService.dll [33792 2015-10-30] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [100352 2015-10-30] (Microsoft Corporation)
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89600 2015-10-30] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [100352 2015-10-30] (Microsoft Corporation)
R3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89600 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [228864 2015-10-30] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [199680 2015-10-30] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [211456 2015-10-30] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [27648 2015-10-30] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [96256 2015-10-30] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [143360 2015-10-30] (Microsoft Corporation)
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [75264 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [794112 2016-01-16] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [613888 2016-01-16] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [225280 2015-10-30] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2573824 2015-10-30] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2177024 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
R2 WlanSvc; C:\Windows\System32\wlansvc.dll [2295808 2016-02-23] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-23] (Microsoft Corporation)
R3 wlidsvc; C:\Windows\system32\wlidsvc.dll [2057216 2016-01-16] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [202752 2015-10-30] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1474560 2016-02-24] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1872896 2015-10-30] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86528 2016-04-23] (Microsoft Corporation)
S3 WpnService; C:\Windows\system32\WpnService.dll [49152 2015-10-30] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [190464 2016-01-16] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [938496 2015-10-30] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [759808 2015-10-30] (Microsoft Corporation)
S3 WSService; C:\Windows\System32\WSService.dll [3449168 2016-02-24] (Microsoft Corporation)
R3 wuauserv; C:\Windows\system32\wuaueng.dll [2280960 2016-04-23] (Microsoft Corporation)
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [104448 2015-10-30] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [1213440 2016-04-23] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [948736 2016-03-29] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1139712 2016-02-23] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1035776 2015-12-07] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 jIxmRfR_protect; "C:\ProgramData\jIxmRfR\protect\protect.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-08 09:33 - 2016-06-08 09:33 - 00002492 _____ C:\Users\lucted\Desktop\Sicherer Zahlungsverkehr.lnk
2016-06-08 09:32 - 2016-06-08 09:32 - 00000000 ____D C:\Users\lucted\AppData\Roaming\Elex-tech
2016-06-08 09:32 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2016-06-08 09:03 - 2016-06-08 09:03 - 00000548 _____ C:\Users\lucted\Desktop\mbam.txt
2016-06-08 08:59 - 2016-06-08 08:59 - 00001684 _____ C:\WINDOWS\Tasks\jIxmRfRCheckTask.job
2016-06-08 08:59 - 2016-06-08 08:59 - 00000580 _____ C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job
2016-06-08 08:39 - 2016-06-08 09:16 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 09:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 13:09 - 2016-06-07 13:11 - 00058934 _____ C:\Users\lucted\Desktop\Addition.txt
2016-06-07 13:07 - 2016-06-08 09:46 - 00000000 ____D C:\FRST
2016-06-07 13:07 - 2016-06-07 13:11 - 00066138 _____ C:\Users\lucted\Desktop\FRST.txt
2016-06-07 12:27 - 2016-06-08 09:46 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:45 - 2016-06-07 10:45 - 00002196 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-06-07 10:45 - 2016-06-07 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-06-07 10:45 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-06-07 10:44 - 2016-06-07 10:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-06-07 10:43 - 2015-12-08 21:34 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-06-07 10:43 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-06-07 10:43 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-22 17:32 - 2016-05-22 17:32 - 00000000 ____D C:\Program Files\3d4c000a04d89a4d691861923d3e00f8
2016-05-22 17:31 - 2016-05-22 17:31 - 00079944 _____ C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf
2016-05-11 10:32 - 2016-05-11 10:32 - 00984352 _____ ( ) C:\Users\lucted\Downloads\JavaSetup(1).exe
2016-05-11 10:27 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 10:27 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 10:27 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 10:27 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 10:27 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 10:27 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 10:27 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 10:27 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 10:27 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 10:27 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 10:27 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 10:27 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 10:27 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 10:27 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 10:27 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 10:27 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 10:27 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 10:27 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 10:27 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 10:27 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 10:27 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 10:27 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 10:27 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 10:27 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 10:27 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 10:27 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 10:27 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 10:26 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 10:26 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 10:26 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 10:26 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 10:26 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 10:26 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 10:26 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 10:26 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 10:26 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 10:26 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 10:26 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 10:26 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 10:26 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 10:26 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 10:26 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 10:26 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 10:26 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 10:26 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 10:26 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 10:26 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 10:26 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 10:26 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 10:26 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 10:26 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 10:26 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 10:26 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 10:26 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 10:26 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 10:26 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 10:26 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 10:26 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 10:26 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 10:26 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 10:26 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 10:26 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 10:26 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 10:26 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 10:26 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 10:26 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 10:26 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 10:26 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 10:26 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 10:26 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 10:26 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 10:26 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 10:26 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 10:26 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 10:26 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 10:26 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 10:26 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 10:26 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 10:26 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 10:26 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 10:26 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 10:26 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 10:25 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 10:25 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 10:25 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 10:25 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 10:25 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 10:25 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 10:25 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 10:25 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 10:25 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 10:25 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 10:25 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 10:25 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 10:25 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 10:25 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 10:25 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 10:25 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 10:25 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 10:25 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 10:25 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 10:25 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 10:25 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 10:25 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 10:25 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 10:25 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 10:25 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 10:25 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 10:25 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 10:25 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 10:25 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 10:25 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 10:25 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 10:25 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 10:25 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 10:25 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 10:25 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 10:25 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 10:25 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 10:25 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 10:25 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 10:25 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 10:25 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 10:25 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 10:25 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 10:25 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 10:25 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 10:25 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-08 09:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-08 09:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-08 09:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 09:33 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-08 09:31 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-08 09:31 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-08 09:31 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 08:41 - 2016-04-21 13:26 - 00014824 _____ C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateUA
2016-06-08 08:41 - 2016-04-21 13:26 - 00014802 _____ C:\WINDOWS\System32\Tasks\jIxmRfRCheckTask
2016-06-08 08:41 - 2016-04-21 13:26 - 00003888 _____ C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateCore
2016-06-08 07:48 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-08 07:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-08 07:44 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-07 10:46 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-07 10:45 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-07 10:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-07 07:50 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-24 13:47 - 2016-03-26 10:41 - 00000000 ____D C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79
2016-05-22 17:31 - 2016-03-24 07:07 - 00649728 _____ C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 08:44 - 2015-10-11 14:37 - 00000000 ____D C:\Users\lucted\AppData\Local\Packages
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 10:36 - 2011-12-18 00:08 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 10:36 - 2011-12-18 00:08 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\lucted\AppData\Local\Temp\768db308-080f-47ae-b0fa-78df70620d31.exe
C:\Users\lucted\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\lucted\AppData\Local\Temp\libeay32.dll
C:\Users\lucted\AppData\Local\Temp\msvcr120.dll
C:\Users\lucted\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================
Hallo man mit soviel Info kommt man voll durcheinander, ich hoffe ich habe alles geschickt.
Ich ziehe den Hut vor Ihrer ( Euer ) Wissen. Auf diesen Gebiet bin ich ein Laie.

burningice 08.06.2016 08:59
Du hast erstens einen falschen Malwarebytes-Bericht gepostet (hier eine Anleitung: Malwarebytes Anti-Malware Logfile finden - Anleitungen)

Zweitens eine falsche Addition.txt (von gestern) und allgemein hast du nicht die Whitelist aktiviert...

Bitte starte wieder FRST, setze den Haken bei Addition und stelle sicher, dass alle Haken bei Whitelist gesetzt sind und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.


Bitte poste in deiner nächsten Antwort also:
  • Logfile von Malwarebytes
  • Frst.txt
  • Addition.txt

Caroblue 08.06.2016 09:48
Hallo Rafael,
was den Malwarebytes-Bericht betrift, wenn ich auf den Button Anwendungsprotokolle
klicke, erscheint nur unter dem begriff Typ "Schutzprotokoll" und wenn ich dort raufklicke
erscheint das was ich geschickt habe. Bei mir erscheint kein Scan Log welches ich anklicken könnte.

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-06-2016
durchgeführt von lucted (2016-06-08 10:46:09)
Gestartet von C:\Users\lucted\Trojaner-Board#
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-08] ()
Task: {BEB05DFD-8F3D-4045-B1A5-BF088E87EF92} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DF49E67D-237B-4E9C-BE76-38CBDCA26153} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-21 13:26 - 2016-05-24 08:47 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2016-04-21 13:26 - 2016-05-24 08:47 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-689365640-92009327-2566536619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{89C3D9B3-C937-47C6-B68D-4B98A106A023}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{A4F0DB59-7443-437E-9FA6-5308DE692F5C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe
FirewallRules: [{68096047-A42E-4D7A-A3D4-F57FF681E452}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe

==================== Wiederherstellungspunkte =========================

20-05-2016 17:19:06 Windows Update
07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/08/2016 09:33:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x1b30
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/08/2016 09:33:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x1b34
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/08/2016 09:33:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x9c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/08/2016 09:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x940
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/08/2016 09:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0xcb0
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/08/2016 09:30:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iSafeSvc.exe, Version: 4.0.0.1, Zeitstempel: 0x53477040
Name des fehlerhaften Moduls: ipcproxy.dll_unloaded, Version: 5.5.0.1, Zeitstempel: 0x554730ef
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00014b4b
ID des fehlerhaften Prozesses: 0xb0
Startzeit der fehlerhaften Anwendung: 0xiSafeSvc.exe0
Pfad der fehlerhaften Anwendung: iSafeSvc.exe1
Pfad des fehlerhaften Moduls: iSafeSvc.exe2
Berichtskennung: iSafeSvc.exe3
Vollständiger Name des fehlerhaften Pakets: iSafeSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iSafeSvc.exe5

Error: (06/08/2016 09:00:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x74c
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/08/2016 09:00:07 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2116-05-15T07:00:07Z. Fehlercode: 0x80040154.

Error: (06/08/2016 09:00:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0x1f84
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (06/08/2016 08:59:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: bl.ppl, Version: 16.0.0.661, Zeitstempel: 0x5654b61c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012aa71
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5


Systemfehler:
=============
Error: (06/08/2016 09:35:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Protect Service(jIxmRfR_protect)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/08/2016 09:33:49 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Media ServiceNicht verfügbar{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (06/08/2016 09:33:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/08/2016 09:33:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht.

Error: (06/08/2016 09:33:46 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth OBEX ServiceNicht verfügbar{E9E0D51D-F407-4D91-B294-C111F721A3AF}

Error: (06/08/2016 09:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/08/2016 09:33:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (06/08/2016 09:33:45 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/08/2016 09:33:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/08/2016 09:33:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.


CodeIntegrity:
===================================
  Date: 2016-06-08 10:15:10.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 10:15:09.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 07:42:33.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-08 07:42:33.107
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 16:31:21.664
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 16:27:00.063
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 12:22:16.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:17:32.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-07 10:16:15.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 10:16:15.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1728.03 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 5524.78 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:573.52 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.11 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Caroblue 08.06.2016 09:49
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016
durchgeführt von lucted (Administrator) auf LUCTED-PC (08-06-2016 10:45:20)
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted &  (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\System32\FspService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
konnte nicht auf den Prozess zugreifen -> obexsrv.exe
konnte nicht auf den Prozess zugreifen -> devmonsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Malwarebytes) C:\Benutzer\lucted\Trojaner-Board\mbam.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.web.de/
FF Keyword.URL: undefined://undefined/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: xRocket Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-05-09] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: GsearchFinder - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: Gooding Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\gooding-toolbar@gooding.de.xpi [2016-04-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-24] (Elex do Brasil Participações Ltda)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
S2 jIxmRfR_protect; "C:\ProgramData\jIxmRfR\protect\protect.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-08] (Malwarebytes)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-08 09:33 - 2016-06-08 09:33 - 00002492 _____ C:\Users\lucted\Desktop\Sicherer Zahlungsverkehr.lnk
2016-06-08 09:32 - 2016-06-08 09:32 - 00000000 ____D C:\Users\lucted\AppData\Roaming\Elex-tech
2016-06-08 09:32 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2016-06-08 09:03 - 2016-06-08 09:03 - 00000548 _____ C:\Users\lucted\Desktop\mbam.txt
2016-06-08 08:59 - 2016-06-08 08:59 - 00001684 _____ C:\WINDOWS\Tasks\jIxmRfRCheckTask.job
2016-06-08 08:59 - 2016-06-08 08:59 - 00000580 _____ C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job
2016-06-08 08:39 - 2016-06-08 09:16 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 10:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 13:09 - 2016-06-07 13:11 - 00058934 _____ C:\Users\lucted\Desktop\Addition.txt
2016-06-07 13:07 - 2016-06-08 10:45 - 00000000 ____D C:\FRST
2016-06-07 13:07 - 2016-06-07 13:11 - 00066138 _____ C:\Users\lucted\Desktop\FRST.txt
2016-06-07 12:27 - 2016-06-08 09:48 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:45 - 2016-06-07 10:45 - 00002196 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-06-07 10:45 - 2016-06-07 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-06-07 10:45 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-06-07 10:44 - 2016-06-07 10:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-06-07 10:43 - 2015-12-08 21:34 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-06-07 10:43 - 2015-12-08 21:34 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-06-07 10:43 - 2015-12-08 21:34 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-22 17:32 - 2016-05-22 17:32 - 00000000 ____D C:\Program Files\3d4c000a04d89a4d691861923d3e00f8
2016-05-22 17:31 - 2016-05-22 17:31 - 00079944 _____ C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf
2016-05-11 10:32 - 2016-05-11 10:32 - 00984352 _____ ( ) C:\Users\lucted\Downloads\JavaSetup(1).exe
2016-05-11 10:27 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 10:27 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 10:27 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 10:27 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 10:27 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 10:27 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 10:27 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 10:27 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 10:27 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 10:27 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 10:27 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 10:27 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 10:27 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 10:27 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 10:27 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 10:27 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 10:27 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 10:27 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 10:27 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 10:27 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 10:27 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 10:27 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 10:27 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 10:27 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 10:27 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 10:27 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 10:27 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 10:27 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 10:27 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 10:27 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 10:27 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 10:26 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 10:26 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 10:26 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 10:26 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 10:26 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 10:26 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 10:26 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 10:26 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 10:26 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 10:26 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 10:26 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 10:26 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 10:26 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 10:26 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 10:26 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 10:26 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 10:26 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 10:26 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 10:26 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 10:26 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 10:26 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 10:26 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 10:26 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 10:26 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 10:26 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 10:26 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 10:26 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 10:26 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 10:26 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 10:26 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 10:26 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 10:26 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 10:26 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 10:26 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 10:26 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 10:26 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 10:26 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 10:26 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 10:26 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 10:26 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 10:26 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 10:26 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 10:26 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 10:26 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 10:26 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 10:26 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 10:26 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 10:26 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 10:26 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 10:26 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 10:26 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 10:26 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 10:26 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 10:26 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 10:26 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 10:26 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 10:26 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 10:26 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 10:26 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 10:26 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 10:26 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 10:26 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 10:26 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 10:26 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 10:26 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 10:26 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 10:26 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 10:26 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 10:26 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 10:25 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 10:25 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 10:25 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 10:25 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 10:25 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 10:25 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 10:25 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 10:25 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 10:25 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 10:25 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 10:25 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 10:25 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 10:25 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 10:25 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 10:25 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 10:25 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 10:25 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 10:25 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 10:25 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 10:25 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 10:25 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 10:25 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 10:25 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 10:25 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 10:25 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 10:25 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 10:25 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 10:25 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 10:25 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 10:25 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 10:25 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 10:25 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 10:25 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 10:25 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 10:25 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 10:25 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 10:25 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 10:25 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 10:25 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 10:25 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 10:25 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 10:25 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 10:25 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 10:25 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 10:25 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 10:25 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 10:25 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 10:25 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 10:25 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 10:25 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-08 10:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-08 10:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 10:41 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-08 09:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-08 09:31 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-08 09:31 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-08 09:31 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 08:41 - 2016-04-21 13:26 - 00014824 _____ C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateUA
2016-06-08 08:41 - 2016-04-21 13:26 - 00014802 _____ C:\WINDOWS\System32\Tasks\jIxmRfRCheckTask
2016-06-08 08:41 - 2016-04-21 13:26 - 00003888 _____ C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateCore
2016-06-08 07:48 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-08 07:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-08 07:44 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-07 10:46 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-07 10:45 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-07 10:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-07 07:50 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-24 13:47 - 2016-03-26 10:41 - 00000000 ____D C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79
2016-05-22 17:31 - 2016-03-24 07:07 - 00649728 _____ C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 08:44 - 2015-10-11 14:37 - 00000000 ____D C:\Users\lucted\AppData\Local\Packages
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 10:36 - 2011-12-18 00:08 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 10:36 - 2011-12-18 00:08 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\lucted\AppData\Local\Temp\768db308-080f-47ae-b0fa-78df70620d31.exe
C:\Users\lucted\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\lucted\AppData\Local\Temp\libeay32.dll
C:\Users\lucted\AppData\Local\Temp\msvcr120.dll
C:\Users\lucted\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================

burningice 08.06.2016 11:16
Okay besser - bitte führe einen neuen Suchlauf mit Malwarebytes durch und zeige mir dann das ergebnis:

http://filepony.de/icon/tiny/malware...ti_malware.png Starte bitte wieder Malwarebytes Anti-Malware
  • Klicke auf Dashboard und klicke unter dem Punkt Datenbankversion auf "Jetzt aktualisieren"
  • Wechsle zum Reiter Scannen und wähle den Bedrohungssuchlauf aus und klicke im Anschluss auf Suchlauf starten
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlaufprotokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Caroblue 08.06.2016 13:23
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 08.06.2016
Suchlaufzeit: 12:28
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.08.03
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: lucted

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 444834
Abgelaufene Zeit: 48 Min., 55 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Deaktiviert
Rootkits: Aktiviert
Heuristik: Deaktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

burningice 08.06.2016 19:46
Schritt: 1
Öffne wieder FRST und kopiere das folgende in das weiße Feld:
Code:
YAC
Drücke dann auf dem Button "Registry-Suche".

Es wird eine Search.txt erstellt werden, bitte poste diese wieder hier.

Schritt: 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Hinweis: Dieser Scan kann schon einmal mehrere Stunden dauern...

Caroblue 09.06.2016 12:16
Schritt 1 erster Teil:

Code:
Farbar Recovery Scan Tool (x64) Version:07-06-2016
durchgeführt von lucted (2016-06-09 13:09:36)
Gestartet von C:\Users\lucted\Trojaner-Board#
Start-Modus: Normal

================== Registry-Suche: "YAC" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files (x86)|Microsoft Silverlight|5.1.30514.0|ca|Microsoft.VisualBasic.resources.dll]
"Microsoft.VisualBasic.resources,culture="ca",fileVersion="5.1.30514.0",processorArchitecture="MSIL",publicKeyToken="31bf3856ad364e35",version="5.0.5.0""="3PgDT0$gy?~Dc}DI]?&!Complete5.1.30514.0>g'{W6F'x,9vJe7OsknI%
3PgDT0$gy?~Dc}DI]?&!Complete5.1.30514.0>YaC`T(JW09yvA,gZ?G}c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0220BB94-AF33-412C-A1AC-B1C0489198D8}]
""="INVPropertyActionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
""="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39D1AE9A-CD84-4141-B7DC-D2FE52FE31C4}]
""="INVPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3CD63077-A08C-481A-93EB-C5D7568AE886}]
""="__x_Windows_CInternal_CSettingSync_CINotifyAccountChange"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
""="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72D2B858-9C0E-4D5F-A443-3E03C9E8CA6D}]
""="INVRegistryAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C84650E2-FCB3-435B-AEE4-13FD49C3BF5D}]
""="__x_Windows_CUI_CCore_CIAcceleratorKeyActivatedEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFDE84A5-9FCC-4BED-80A7-9DBFA0DC1102}]
""="INVStandardPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]
""="_MyAccountCommand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\2.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\4.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0006302D-0000-0000-C000-000000000046}]
""="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0220BB94-AF33-412C-A1AC-B1C0489198D8}]
""="INVPropertyActionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
""="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39D1AE9A-CD84-4141-B7DC-D2FE52FE31C4}]
""="INVPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CD63077-A08C-481A-93EB-C5D7568AE886}]
""="__x_Windows_CInternal_CSettingSync_CINotifyAccountChange"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
""="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72D2B858-9C0E-4D5F-A443-3E03C9E8CA6D}]
""="INVRegistryAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C84650E2-FCB3-435B-AEE4-13FD49C3BF5D}]
""="__x_Windows_CUI_CCore_CIAcceleratorKeyActivatedEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CFDE84A5-9FCC-4BED-80A7-9DBFA0DC1102}]
""="INVStandardPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory\CurVer]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{0006302D-0000-0000-C000-000000000046}]
""="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F00000000000000000F01FEC\Features]
"OneNoteFiles"="AsUCo4vN.=Vo-%cn8$Ka]Tp^st!0?=P=G9Y6WNOVWCP'kxtTZ8t8tY^,VUZKM1iNqV,E`?8[NwYd!*tnx-Yb^=w'z@'nE~DV'dI?z+7Jkmy+x=E*zDA%@U,oDGvkRr9rN?4S8?T_0jM''owU$mTk'@arP=8QaN4@UEge80ngu=z$o^yaCg?U)$NF^[TT29iZWWdLiksS{KPImn7Zt@q9Lh7r^80bBrfqHmX{G@w7YOUrJ,'Pz{W~vR(S&?yF9'ObjRxihTrbC6[(t=5tgYGM&dBr=7pIBRve^?Gva,Ei550^PSk@Eg6j{8U{IXhksZ8cPxo=P+G$$=bE.xf'!B^n$7()mLYP8@ar$(,I*IHRK'N~o?v')?^l`V%RY}qDEG2M)Rjq8Ax4AIL^l.DxpDM!Y)r}==m+bv2J&l`j4N+b7jL,0A0]}hxYWh-3(z9$p[NLI@uqrn=Rv-rS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\DataProtection]
"AllowDirectMemoryAccess"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DataProtection\AllowDirectMemoryAccess]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech_OneCore\Settings]
"PrivacyPolicyAcceptance"="2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\051BEB0D640249F4EAB7AE677752296F\Features]
"Common_PPPFiles32"=")2F9[qM8RGDpH8$gpF[mFZQQE,lNmQw,tN%lgL2ny9ds50YXj?1l^[GLXVL^bo7*0`^X(=7qsiR3}=UMgns^uOkV_=Yb&i962,H+}Ylflr!O.A@pnOu{6}[RJ+]msmTyL?Ar2vY&i1J]QDQl,JA~Y=K&va+F?EG.uHRYdz){,?3ny7DgKgFJHO&3*rOC'?,,ZMpH60Wdiv$5*gCH99hQ{+c7Y^(X*SyrQdH([=w?g~z(drHm)rH)&5l2^@Se`LYHFmpnLiQF@k_R=@v'IXpyiQ%@YtAq*q)4j?{cpDQYP)Ze&0}&jh-ex@C0X!YVT}35E(Jp(2sX2?FgulYCVP!nu^d5Ar`pX8=H&eqMHpCBwIrZ*]1@h=RbR+*90YP`z^j{&Uw%x@)!GM6*Z99N$yJn1oMEV=qzGT'x8wE!Y.9Oz~Oex9]W@9zT7QMN!rZ3fbc0?9i'Ejy&fyvq(oy9CBck+9C@&XTRwf)q'}E%mHVS@@`og6.JSLcg2!E=v+XGA9i*I.Z*`-GL&FgW10{ug@F8_KeC0Liu!S].us&%i@GX.t51=U~8P~2+ptr%D9FWMp*pI)`F3gq5[S0T3?y5MYUWC~uqLpm}AjBo7Ar5.uYIirptJ.s`nbk!o845.H'A!e1?P@B6r5Kp79(v]d]1b4G=qn99Z'15J?b?3[7icY6FK@6yyyw8!?FrylySdQ{PBzH,yc=uB2&S3vZz'7!`c,IYm_KAfNa$]fJ.9Oa]TGar@%r0eK^V!*?0h}'h&z6Mvj%&**RV9g[(oqe1(1izNBKUPn+m'EG)RV43sU8@PO'J%{wlsrHH6Me5EDLxnIvvf)VqjnfK}sd8zjmC1Of%?dLM3+?N{B!pht4xv4}}e9a!giq+%aN0CK'(tRiNOxDf24+q2KMji%kIZyaCVfLI8R]dK(5ISRv@'qo6$[^NYoNOaqlnj%0fADfmkF1-ww298cI[q[f.{0C*KEgvjE2Yx2G0wggL^V')d-~~lq=x!.h(xgsVp?-H6Fd!Ojd7Gh%r+Xn^iJ&MH^8m8RcY`m?LEHNNnRHwkq0_CNHjQnt'ri-R-bM`OuZ1*'ieW1yzacCuO2-p@qdps'C?U)Br%GasHMFdte-CG1p0Wh.juF}zStAcy2?iGPnXCkJN=+~g=POrksbmA~T(C5{p^L!aJx.fiR~EOKD4$yuK(2{gPBz_Q@0lL5eh4}P%2}DIF(vmsQjDJ@FC0I&bJRp,'-1}OgJ@S4t75P$EPPPFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\051BEB0D640249F4EAB7AE677752296F\Features]
"Common_DrPFiles32"=")2F9[qM8RGDpH8$gpF[mFZQQE,lNmQw,tN%lgL2ny9ds50YXj?1l^[GLXVL^bo7*0`^X(=7qsiR3}=UMgns^uOkV_=Yb&i962,H+}Ylflr!O.A@pnOu{6}[RJ+]msmTyL?Ar2vY&i1J]QDQl,JA~Y=K&va+F?EG.uHRYdz){,?3ny7DgKgFJHO&3*rOC'?,,ZMpH60Wdiv$5*gCH99hQ{+c7Y^(X*SyrQdH([=w?g~z(drHm)rH)&5l2^@Se`LYHFmpnLiQF@k_R=@v'IXpyiQ%@YtAq*q)4j?{cpDQYP)Ze&0}&jh-ex@C0X!YVT}35E(Jp(2sX2?FgulYCVP!nu^d5Ar`pX8=H&eqMHpCBwIrZ*]1@h=RbR+*90YP`z^j{&Uw%x@)!GM6*Z99N$yJn1oMEV=qzGT'x8wE!Y.9Oz~Oex9]W@9zT7QMN!rZ3fbc0?9i'Ejy&fyvq(oy9CBck+9C@&XTRwf)q'}E%mHVS@@`og6.JSLcg2!E=v+XGA9i*I.Z*`-GL&FgW10{ug@F8_KeC0Liu!S].us&%i@GX.t51=U~8P~2+ptr%D9FWMp*pI)`F3gq5[S0T3?y5MYUWC~uqLpm}AjBo7Ar5.uYIirptJ.s`nbk!o845.H'A!e1?P@B6r5Kp79(v]d]1b4G=qn99Z'15J?b?3[7icY6FK@6yyyw8!?FrylySdQ{PD2?mAfSPQ=wwutct-(e2dp%UK8WVV??KU44HvI&Kh[c~Ia.BV?MJ~'{7CX.-ag*qy]z.M@M)7k=[?srlBzH,yc=uB2&S3vZz'7!`c,IYm_KAfNa$]fJ.9Oa]TGar@%r0eK^V!*?0h}'h&z6Mvj%&**RV9g[(oqe1(1izNBKUPn+m'EG)RV43sU8@PO'J%{wlsrHH6Me5EDLxnIvvf)VqjnfK}sd8zjmC1Of%?dLM3+?N{B!pht4xv4}}e9a!giq+%aN0CK'(tRiNOxDf24+q2KMji%kIZyaCVfLI8R]dK(5ISRv@'qo6$[^NYoNOaqlnj%0fADfmkF1-ww298cI[q[f.{0C*KEgvjE2Yx2G0wggL^V')d-~~lq=x!.h(xgsVp?-H6Fd!Ojd7Gh%r+Xn^iJ&MH^8m8RcY`m?LEHNNnRHwkq0_CNHjQnt'ri-R-bM`OuZ1*'ieW1yzacCuO2-p@qdps'C?U)Br%GasHMFdte-CG1p0Wh.juF}zStAcy2?iGPnXCkJN=+~g=POrksbmA~T(C5{p^L!aJx.fiR~EOKD4$yuK(2{gPBz_Q@0lL5eh4}P%2}DIF(vmsQjDJ@FC0I&bJRp,'-1}OgJ@S4t75P$EDrPFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25106E7D56C6289488046B2DB88F18DB\Features]
"Common_FR"="m^[V8TEuY8G1O~tK6s?^UN'84W-`o@0lW.PC=eCftZ13K,1e[99G34`t,qG@3ktgDGqmG?-[{cx0W.IQ&yts[`ZW59eLF^@jinyiMMn%TOEaq=b8Z45v@l`Yr9q9_&-!!?{SU[FhjyUEuB''v~~Ri@1zbq6OzpDEuuwuAtc6s9o(,=oJOx-rUMGu.6=n+=o[Td]*U8y2i{D7hqu(f91sV!*-oAu^lXOjW$(FN@fS3ERRu1t8]%Q)W.J6f?-J[t6[al@Ingw-!nA+%9d?p*QztnzyJC}7gb0f?=N$1RDdfURoJ?`Npiz?P@,dfJId?+@?vjnOUC[zQA!_S1BQIy0{PQAt@OC^a8N.(77$0!J8iF4=-bQ8N9}OqcC_A[@_O?g.Gb)6[@sEju'41l3lG*N4$DE+2@(~j1XBmQ!)A`PhCtJ=)?,abar8%IpLvzl!GTWMP?I@bV,'zv^gSw8'rn*}h=$5wJm~1P$G[o%Q_*Phc@y-D2dh%EmWA0H8zuUf+AXJR5U*Bf&7?USR%Z_b?=G27NGBzQE4z)~)N0egZ@ECo?x%.{L782NTo}42[=?T~xf?K2y2RhGL`IR[b=6D9K&g=0!h[CafXpUE4=pW^F4nq{ndlHb,?UJwR9aBbailMLN&wcclXNi-DA5bz,)V?Sb$8.*.u%cz,=!V?vzF$6X[)[K$2yAcb8bH7-3)j-irxP}fCcg=3?VbsZdNRj1[bqqS'M0[)=c2%0&(]r91-,2Kf1U)^=TI,LiC^TEH&cM7099H%9HYaP5JB?1$T1%DQ,kIu89dsNQ,-~KKlwGbTUnnq=w3Dqbv+gg[prj~5?n!8=BfvS[wsF)zF{2[isj3i88gLJJZR&12joiGH7_P&9'e`5C61*Per3C0$.4Qq@D}E+1Ue5Na]7-y`AEX7=RPk@sa^T7{[5s0kt3i]N`u1=kaVfnu-z?9f9_Kc8V6fWKF.fsKCommon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE851E081817EF047A1003C16EEB46BA\Features]
"MediaShow"="o&wI8hl3(A%1_07Alz}8gIF,n!Ql69]nZ9LE9.~CJIG'k)!XD99Rfx?9%Ix!eh!mTTP!hE9(s{[5_^}lZqT4'Jk-Br7Yh[8=6&?8*8V8'B%y9y5qul?$f=f!wl2AEEOS*B=qXN[qm7R`cp'Pb*)?4N.5-c$Ir{&NTs2A66e-~?e8Tce0Xu[ioWDJ'n2Z3*WIx)t22tdYd$A4)+L1KaU%!nyi$CKO+I@iNdLu7Qe6,)-.uST[zzDVvX&^Lg?zmZSKxbgNz4HHj&c]j0e2'.e~5F6Y(2GFgnnt*@(d7VY*m58==qT5E$tEUqc1F-jCEMF7rm`2DT5@ORA$V.J2@5!hsrw{h^5z?[Ytp)-]pPWz8^0x$2w4v@ka5un16_FnR}8SQN'_DEMJ~$,TzxqsehJdw'[LDCM-2^Po^D]QM!Govtb@bdcew*Vev}4IDY4QV}SmDWq~6ofD28-N_q4(jtSzS)N{5YT3~'YF8e]Itr5g!vnEb7%x[6lIt-76O6K&CM&6U9*!@h3f2Ek8Jh,65+`Uufxid{%'P9WZs=vyOY[L%b*GEjIH^ygnk6?vZsd4}NEblZB]bp*Qr^6Wrq-q_40.ZGov*n)XOR`_kqP&PrU08Wmw+a~o3]'kwX1WZ-_=u6}!ys+bt]~5Baf`8%3ep[(Rm&,lo^fmftbbGbcrP}~R[X3T.9zqu9{LTlJRR9dB!YSM@&4KX='0aXw^5P$(x%Z`Df_Z4*30{UXvrA-4Py5}^]aLp^&z^KsF2fWvWh_+O,{s&H_*JI4-O$wT~au]*{]Iuqll3VF'_AE&^43?d3!@N=IKM-^([G)wdN$$0?V44xE?^YmaROYd*2H^vO%3'&0WWtxI_mAH@+8Ydg3)MYQGm,PtX)P,cR}ui9V0cUa-X4l3E=3r?IfTNyGQBEbp)qD-.hllrlgsUW{gCu_LMcD,t1nUNtN,riMcKL5^])dxYbc_gePJyenM4.G3v](3GT$7h$A90zI`+e2drmO935.8gOadPHT++)bNraH1n1{z_jgo!c)NuGS,+-k%_Q5PjJuF,ni4Gcu,dU03h(&Z^tNTjf]KgaXc!9hZne9h09ya1O?k096bHe?vVX^p7t!Vz=hIML+NA`kn'5&MfK~CbR0Q'D}!fiNWOWszpj}HxgaE.Eg7.`NP6rr-=PC*uP,{js{AXhqMjX-g%}E+6H9`8&A'-.F$+^UJqqXFK]Bo`yoWLA+6$xxfy?xinVZZdb+fsYV,'SemQhGNs4M)D)NF)cyw?wnWg4-ZT-r,V3?Wr+_cM0$KsapQBVMWR0_sj$OR2T@F$u.`5&4mj+g4WHO_g*u7=7Z.69M-}*jl?9CsJ!$s9Sz?HJ`mG]a.GFQP15T^IIE2]jmL6J@=B4_WS8^pDx2-8.`Y$9mq{zdPU&Pxb6iGkW'gl7l.G&b!N-$Zne1$5rtcCn}.r(rS.~8YwzEa$0]ZMnc%}1oW4HDU`Cr=*zBFTf(jW*7J(O4XJmGt6a@w2)Wb$1N5,*FXq-rccV8Uuq$aX4&=6PU_H!M8sE}{!&QP$w]P^wxkPSYh9L6cPpQqD75kU4Fg]GWVUS2VHh-br=-DXDVB9%AEm`Wz2jZO{mnv7Fx9ypOab`Hz`XMuA1p9iF.1z&]R.c1jGwBSFi1?iS}Q(7p}C6VZsWXaX?s}DKze0.{ou5b]7+J]CO=Q,Hp1}7Y!'y-QOzk)WACM2?JTS(OAStR=yG${qg]XXQCB=)~vJacL,Vc~DUZN)^6!Vq~3P_Mj98Lo[%!SAEK5T$K2%Mzi~CKb?cpFmwJ,xmnRPj)*PELBWg8D__HpxA)J(hw&K,?[d,!X_V&Zt%~.=pSwO5LYXqIqnvEI_ffjuI)s98nv7[vVq^oggM4vRcxp=HXx{{hjO4n8hcbe.T8%NQh+&PY-NJBUf3`^-o(H$Q5w9dV?ot66{-.V`*LvS5ip_riJ3gMWbbtu9^Hvl46.mIiADAtIu7)zsfr&4MH8wfHrlyq$ij5L4L3iYZ.3S5nseaf2kmr7Kh?%mJk*)%I'hgAlgddCxKue0mpz8~9R@3y35)QH=VX,hzruJavl.c.O+_c0Q6zkelVYE}jMWZswZ&2%yiL~([R?HXJ[cr)r)cpFTrLV(fNrS(5r^8t3]$d9t)U!R?Q%d~I1v.DYreB?9,,!T*fcJSGE_1]!yM0Q@{DRQo{nfXk+7FBzDR3FNj_g&'cGv!+)a*Pb3l2o+Dr30]O4,{b}{Ph.jB8VO.Q07tlfnlW{FMb.khA~o$L')rd}K-s93}Y!41U-C%m_BD~l{+8Tm2zVSV.q+%Gz@[owbcvmE&t6qx3qtG2~f].0GtBy[7I[`qkoE7?+JSt51S2wV*6?J-fg_GYOn8D'SGZQkHUt~LYd!HTzh,is5`0IP?L_hn3$AB}$y^dAZKN}4!u_Rz'AEWFc2PW~4m(CniFN=Vh-%H-m21KWUPyVTnS]OGwJ@L{'dPB~cO,k_$4G7-P'$bEk{[yv`a3!}^fyyM_nfJq`sm0+.wbHL(oT*n}@(,E1DNg0-x$gae&Rq7w(.7tasuFpXj6p%8JD@Vi_)Du2ER!ZWjr*e'cxxIW2Ugolh'}YF(^DvkWHQ^{SMrHhanWT{'*q2ogaq.TgfLB}@po&+n0llXODIdemCEQ-F?qpx-S7ID[SY(mkeu72e@qqaE-G@k{QKgV+IJ,*p?[t-rCYoHWjcf97HkBeGTQ=8%vugJS*E_2H1y}mUgXWHmhOQ%t=XSd~2nOs?cv~^yOKgL{*.WYEs!W)i.1`7&XCLj`(yHWev%0gVe@UJ^,b,1I1LV%61DWpyh8~x3q@vXS6BVovg]7(oo3)j,u_QvJM%rF1*k8oHQ%QQyM{G+Eeap-ly&Ni02Cn&LO_f]]s9fz2i]I?ye!aXvK~,`wLbu5Cz&?}lv}J-01a+qu8^zLly4.ZVPSvPG-%aWPWB&H.NH+bOi{U6mrARXJqp2]qvv(^UXH9byD85e{4kh=2Ue4)*I-x^%j-V&=OU2TwI)l.i=i`[3c7xyq^p4IC1UWw.%o_Q}lo@aA$5tO(({=1(&pDx}f-qWHL0]b)0~nV~ugxAF?ZUTQ@=+LsI8-l9K$Rpvb2fkul(hPw(?drATT13IlzFor.@Ep%-Q%a,ojXo(udG5urq!yKjQs)fJt6r]4hRA?QhFh&4&Eu.N.hc*-ut+f0A'$246j(KimkSB!*+tVhgLqHnL{[9wB~7lmVF9vJqM,bd&R~~jM`y1c9cE-jN0keplC'1K_g{A-%J4cr'UJr`8QAU1IJ3`O`kD]X'e~pYkSnhEoe^D^pxb(X5ox)Ygw1QH-,9s,mOe$6?Ad4'004aMKz6rJI9u,u&Y?j-J(U-QAtPYXc1O2d%hG?{*XcG+?8%b-Q&9T[TL83(Dy-*!oY`c0hqDI[_aF@Q{c$K.,9pUW1spdJZKOf$1n'ByKau1'M1{JFC[a&Z~(HM^m4*MFzh.K`l8*A9g_9BE}cIZzD=p=h_MuV7G&`VM@=f84STZ[VKh)=yWyT@4Dyze`!coKsR7o`6GbZ{ncNP1yGXn28Ix`Mu0*q]4Biy[$2Pf]b6v*rXsLQ9Knp!ti.}KRlrAWCNy%IRAK^dv?^}u+Ck=k9&^j_ifO.A(7d]A.@O6LAu=?Nw2uY3?'(NB7)'9KcVelDguqu&-kqX.eI1CR!N[{9)J{w3cdqBn3feM]ck)pIsL^W$]0OtZkkJCB!7UTLu-TcVoF&!_rzkaiL`PlRTS9%M+EfBTUQuyO&-g$8IsNzYTTMjzZ$NeCEJ=?gt8Y3A]wY+UHp.Zn(2[)K5],'@{l]04(l@zW9x0^buRn_uGcLS`@a_h]f51fX.`DVEkX%zW_Y2$2X`QNYrzUf{neM`o{$Y`4^msJ~8VXpZoZ1hoh'Mm@heJRv]M.`hmSOk%g^!OtVNQ~L6wSci17?oS!L.iH((%hH{Ipcd6C}hgDoAT2)KCUU(=uwQyZLLo.*u((wo@RN^z^%~d^hMJy.$ag*[^Ipz[VPfm!UMKYWF$'$7SwfT6d@R`G'AuLBq,JRlQ_Xzs_f24UvXYOr7$?RsexW.VvdGB47(]wNkznt2U[)Pbm)VB)5b@b5W!jJ]Q5fc+3B?mfatUw[O*=PM5}}LO=.+.FeaWx9oqXlxwA.K%NNcw'7rQ8Ln&swS,-4Ol3HNxxM[]V-IbHLK}gQbJR?]J=jdw?pXMm.tbW]ewJNf$+bL,n_,egKrlr=3goc5B*4c7Z``Uh*CTM6bM_5M1IRgQ!p!Yw8vv^yTe@HLvjHR)t,I_~LmlIfakOZ@4!fTzrL5!cO97ufQNC&yB$hZz]C@FXe!.P%lb-F~xk7,oK3b=cE]C{`WoUSEg1Dg+~deLZ9d)ED~JdMYN%FXCriv4`[q1s1j)%ekvc%?QJ%[_1MmTniA6fI?g=B}0dJM}e!ZLM4}bh,=MTw}K`2qA4Qj%q0rQ@P0FUd.x7HB0d*8hpOja8Vrye3MV[F@^wL[DrCo=PBU+aSFABEQBlA@.+nBxe`nZ8oiw@VoiLz^-]*h(.p=o6%[F0I4+K@o`Yq'(kq]zPMt$7M[D=t*ibxZ=O'AgfpNVBkk)_rIG)c5c7~OjINF~]Z~}0_55Z_dayp]h$CjdQpFE~X(M{2SxQO-kr(?,V]D`78=@U'(Zk`Ks5`[!D*r]@*`LT2vSF+371wkH3W7uC]8mWVe4c``V^X$G04x_u&xkWgxT@zcszI`Jiqp0GwMuN0)nV%q2sezskMYs!skbjj7-Gf_ZbnDEVQ.KO`X,7-7I5z^~qjg7*DcQWJm9-)kLJ{Du@!bRvg}z=b=mXy~FSs*rPbx.QRa=DM_ADJHAED5(N%_^THF6*@H`I7FNQPmRJzz)'3aw6%]^w@W1Ts5[_-HPiBdTvlgZ*9N,}IwwG1oe4]aDZ93~bY21T$U@57f2[`R!!0G+@m(_+uitAkH.)57X=4Z=cy}cUkqQa3jsW'fWjF[UZVp0~vyMfbLTi5IpLOdH?[Rhj[)h9=~P^WQE]w2%9b[A?'4Rq._D%eJk{'mC)iwu'XA-ALBv'lpi@6RR(}GF6zPKG{BI&KSCn0ZfF`e$[4WFhZ-t1iNmjBQ,ic=2=lUAZMdC&sk[B7HNi,A5os-nY=&Z2P*=I3A+X3fqfH{lgp.QPeaQ`ztIekGZu~=HWNbq_YrcwPtcPQ@qv$TfBa]cHbl-k^*ECH+wtD@*INW9C@5JW6!}sJtepjFLgPedtDPqwcKk_@9N$~,ZQIO}ItCONFi)-prRQO*g_{7ECAxXd[cXfLDRh!_&C~3+rbEJ=4RN8Pd-0)9OTb,e9GqxND8&QHXOkKey8oWGO(=(DJME&2nF21JuCfe,5FJxZGEe)7j3Eul,,rF'w@(bDv?7!VI(dY^{K{ONOa3EP(Y?h5sSxL{t64DZavUTB%8+Xf_oK)n.dcdKBCtMli1!}ug6h}hHrhH1]JsxOCP4kpKptY&ZG7i9Ny.$'.6P+19)X0ZB(Bmp2&z`k8sz&M**dCHB8Ma1tzi!6Mgod0vgFRP}JLtQYNCVXsd``PNW*ku.`A@8}rcW,&oRlq&)JWfSa73MHOPvH}QH}j+We%G`t3H3uO3V%DrZ(Zt[k~p(i,Uct*Eg*F2P4kWj$+o?uw$NfQq'eKHwErzVW0tFaScVgB,lRd88@=~nNCLw8&XSUR,{j=D]6qw$KIS,TaV~82DLffCD6emRJ8p`K`Oua*~@n+G)ZnRTasz!dqH]{P-+_ymhf{?IfwO4m`}'2AseT++?d'b`Y5HWO7BZApx.)sxin0]g1]Y*hJhF'^ps8Q4k?ZTS$=HjDJwJOym@v{?Klz3H]9peHL!]rThw8o-e&Wqk[z6am'*hnRldR92`M}w)3rk2AWW9GR{D!,zHxGYf0uG%rNGV94lATs13V)Wd)'AT9dQq4NvRektA*5uA(2K4i%K@.3^Vj!oaaeBsY$+f^v257OuR6]^CEU=y7u$rfeAk}[~PwZW9IlW8d!25D'b(?vtP6^Egidp66q*Zcvf2HhmTtY]%a^c7~CsP3h^zG[FlP.f)dEmJZfr~I8yba1!_MS9q2+RB*!!bHJ^mHD3Us.Gs1]E!OjNKRyGrbSk@VSUQV,omfzV1wNl}2+xtLYvcOg*5'+FFMy0PGw[Et,&AuuiRx}y~7$^zdxzT7GTAwOMUncI@V!MDU8Or[C`vD1)*ix@.72Q.N8NYdtMsL2[JPe9&*Li1JapyU7s8,ihYvZ,mQ?1i@F1x268}xa*uSYhd'kk7]C}[WmE4v.4=dbT(Sm*ta39YVxzll!]=7@A*`Y_SS(~e?HTCwj=q.-G]rR&,vbG}Sis%F'+2.ZfbfB_Jy2h_JSNDlm$sx0[nWnAmNQA7UleU2'XpJ]`TXn?nHA-K&PKO?LLfH6PI3$i=b&3uPa=YZEE'SU~.=7e2d5zU&KRNR^,jEOf'`^?Y2aJlPh^mTO7,hjS@=XGM0+.}YSOb*^zj,dIOvTO=tco+0e5uH1T.Ywli`)~v(P?p7MPjxp4'C0PRvA&3ro5_V]evd@lo`0'bf,gRP2nW8]Rb^+6`~vOKUbSR%JAzC76sDCCL4W~WVNWOfjc+Lxw$QIUc'?`[!HdEc5xW!(JjdSa2lN5{hVd{G@2?V2vFVk{u?HCHes70kIDHs=(DgXKQ!bW=jM5R4DtyA$$d.zs46-,-yR)(*mnhrR0@TD+9!q`ok7DAcu.-v~bo(x6Hg0paCQ2sGk]v2zV)$k9VN?*8X4cgrO,^'X!50i(BHiBCf?A0nTAi=G]Jw99-+PMuV9ogpB1qSOeu^Sm].61gCS4+j3o`X[GGTYeoNH.BJCfLt@vd3~9sZ}v$2QIm$ii)zZ}TEyJc!elA4lJtLKDdSAw[,p[}I*sbvL8ufl=uEZE@WL080heF)}sXTkE{c?~rU'&o$3ev_(uaMCvmL9(t9&w*,VW8lDEi5Kv+&qO&gHL*T0JDjcmp@%fwIH&X^tVmAbo(yWV[QAZzwjEmtQUrUDOR,TQ89~60)kj~~66aA^H*yvDM9qwRez2PyfP`RgWM'}OByeJ0*a!Z4DIcq1Umpiv.OIi9,E.b7N[[R^x''-n5TpX0`uv3+TmlTn4=Di]3,FFJoP1C0h_p2IeL=!dV^tsO^.l~oMTa]]dAd@^x]%z}gDj,N0'R5ymkonY0F1x=W3_(}x[8&wZXf_4j$%Djp8hvTn($v5XsyCqOk*{GNytpg&DgkG)kA}G%Y7e^bAmK%]C,b)p0avDrCQ+]zOXVpqqgb^h%r@Ch,=jL~.eHmD$qH7)y-lz9NO!BdkocRF-Ms.)fV@=IE5Nk2f(G4iS1D$oJjC(AK.sX'_)Lw=&d`VV81~dWvXP.!$SIO-@.)g2&XQ(o8'@tZ[&Cj2_.F&G'f4q1(t(S[X~ZXW_~1p%tg'&RBO0iKQ[1t`Wx666=PQ2APoq7*!_*Bkc?`q*rZHa=8,t!44i&jbqHnvGQ(&^Ys*[-s3(eU@K]=(Bt)[chcTvglaV}mzJKByre(4&ZYH&?4o{D8H1vNW2bz^.pmHUNGZx'ik^J8fUNdxp94)E3B0lz&OM~_Q7dW%sJ086O&{wxQ5_[4lb4wQU~hAoAW1TbTwjWn3VzRcK!kbVOu8o}lA,hZOs)Id3f%xd~sABg`x8tC,UjRz?ms$fC'j.K^^xb-N+qU=c~G==D6(F23b*9ALaNDkcH'IkhbjiD5%X2y7sUm1}VM.Sb1^=P!tUSa.9H&OiA.1,RC+27LClfN3rygI07aOS~}M[`vz4%uY{*g]1Q1fqJr%*9'd*yy2,j_aON.paQ21rqNZA.G0{tY{e~_PT?vOPp?Dq_,Y`epfI[PS]@SU0.P*x?1'h`X]gW2u}9DNy~Zwdx,C+DmD4KRD'O]tN{0qz&lf{),%ha`83Y5S6&q1%J2IfC0mA05i~DUdI3UV+Vt@5v^OBQX?v`_TPKFNC*XIHs-NX]PO?.E3hii]nCq_jszJ?YVE9Bz2eZNw$CQCE[=~s0zvJ8-C%8a.$gz$P9`1kc_hHA5F@ipPV&&3)zHKI1wDr]tO,IHfvQs6=a$-6iB!1k(FacFcnBOQYm~7,7JBSpYa`f[jKb7XEg_@H'o2Vo2'bI]BjnexCb0+2[SGOqTS)E]5bQG)yN~2o,EE]Fp`w3+rPr-9Kd[lN0a'$mnO4-7oFX?u[21~+!MiWOHf.zdn4^oBoYPieUvo@YP'ny^4c6V+St4]TV'wD0S.$9Kv_uE][fbiR,)58QkB4Ktd-gQVcI9A5}2PEaZ!{`Lkt@PbR!q3{2Se-lUauq~,aysIF^}z'WH!u~hX,i@xXzbyVs{qBkV$e-^$4%b1F5(wb[dvaKz[DT_zU_$iVvUTJJba8nH[E6'mDjX`sW7.=CKo!-hazv4Ubg=C$&^nJG}A=VM$}empY%oGxMZ}%o0NJ@I@q@~15e+`@Jp,U1h3bZOi0%xT6gWnk)dvBAB(5POIf]s5C%=K9QrxaXEFoc)EAAn!&lw?Hvgq=F%x_Nwhf=aF2i8m+,+$pyjH1Ma}cO[=iloHujJVa-~.+1ZU@Hnw]tRe7Hou$wGe'aajt@zj^h*El]b?Wj,G+?i8~xXPMO5%WM*rf]kU'TzWX*2e=3ei3o0d'3!EBs?c&ctzSlE&=oM?DVz)!lOtaWsVOp9$,,cFt,ucFQzBu1^t4g0LlBQ$4y^?IW7t@OJje9o?q*7d3ritx*)!K)IP6DMb2{_0%3XzNqpUSz6?KAfG5YA&{T-&G&E-~J5tC4{Jf{[SRXd,RCB%M3^HfdY4xo*[mvYFHzTTULdA(wgMue?LE*Q*R)d=g7Cau)mbj_K-Ce@cr$pnL9^.Y)iU7y1!iC@f,ZPPVm{V6DjBpaicccP)Xo!m6rkuq)K3EJpkRM0RY4onV^']oH'C17xcNri&sAV~vn5?'a?mB*Up5YgUZR8k1.{I!D,hMgYS}1lCL{m.7GX[rr5`1}!4_Lx6C@0EisrObXv$ULDGQV)%)u1GiTt1q.Rmr$!Wr-x&xRW_be2yxpsEMfDc'PP&zpDaE%tfz]]v.ehAqSFTLK.o!pB-ILXnIHvsPY_{-f(I1c[=Me@GjkH2r-o$lM?jW~bXamM_jc^yU]^ynnz`4XVnRl0YNCZWYe*8$'$NNq?J*W7ww9&BWpI&aE8]a4WK)9bq28b2i%n5ofmI*'m)b^TuA~mFiIBwEs0]YZZaephJ]e?^nr3i.Ae$iO'k8I$iQ{3B!TtIj[nZO]lE6H_ir{(nu4BR-tYBfzK.G=x^Y$GbEU=Z(KxJ79uUfF]d*wtP1D+t+OA~J*?{]L{J(z9S.PxOJsZ7+EyajHj-.StL4yjp`.w'^t3tcr)?F0yOC_aqM,vLtJUC5vy!PQN_d3u_WKlN}iR7RKno8i95Z)UUHjTj+s`$H![IfaWTtf9if0*-Gni*vi=qj+Zw-YZin?HYd{Clc'P%7e5'Go9]Jl^~Agv29*795ZWsf$Fz$+g%ITm5fxwhm$uA%QZOmT@fNncpwav5p')j[vwIb]Ab(dte,P*JpdTo!S7d%19d*Js2~.,AR?WO(D*uYWgI~BMd89$D6YKIgddH9ipXFm[-WHzH5!y2`dhAjC=2y2ehcnR!5W1YnvA03rj^rmFPV6rFe+j+Z-8DDpw@+}V?EKJD(a}8b`$C6s&j`1YTURUhg^)AZExcdHBuXZ0[MWIwgCIfZDTbb*,OW1hRVOD3=^8H7pg84HaMNqkoMF0SA-~t3E0Sle&J7ONAs{bUQxif@nLhmqRwqAiz2XcvkuLhVi-8[)f25%JHy0.4?_uDkPd7tEfEI!~I?_HdLlBR+t1ON_bTy=LY+9],'2u{l]W3DJ]8%2+IK_2=AI,e+pCG'%fs%j6.i_!tl*'cB_y{m&N.oC]G5'.Zh2?%4XBd{jLy1vH%J8crJH7yZc7mNTmzmqswJ?AsTP}oWE'QsvlO`x0=z!lF^,fP0$cUtgK*N4h^qYlg0'+P{T')+`,8&@,P&s8H7KP3L1Uo&N@p&'iLV$kxcM,FEe=Stvi1A+DAKB@'^q^*,279`+peH&Wi8wf'n@rx7hDX0)@I4pZi98U%(~DLFj[t6Xe52L[7IeW0z4}EbL)zMZ*YN@IMnB0$P0Lk-{e49uAlR8798L{]Af3&WL!&]m^-[['!SfX49!9Pjb'B.g={z]tzF8WPSlUhKpAy&qh2+JH&.rq9r88%)itoCGD`@%Rf)?jb-F)06'1nfB7nb1,wrdaz-`'F5U1.Q*MN~1ls_IHfGidhIAW'x3w])5[Mpg]l?b`C0y9xK99wTO9[]uaf6)~%4x4%$Mxg+${)1uv%iR%-NUamKL73,)Uofwr6.wy]!P2J+K299nio[?Kj$C}pCC+6VWl0!p,'Z$~GTC$&cry1ul1YY+Sc96h3trgVlSF~U1u3@P,FnE[buUQ!9SpM&fzvB&VMQR49]9E[XH)[~l9zzo_npBYe%v2}qiLYk{Qf`cvaysP2RQsK2Dsz@*rusvI=TRPPV61Ade6h4fYOqs3&Yev5_c%MM&o%i5T3%t2)b]VdGI4IVtVV0M8HN{nqTTkWoF^eB?pppIdkdBwKXpnXCST5Sr-^(]6DMn^Aw6yU$jd**jTrll^!t{87+)PH)rxL+2T_-D-%sv_aAO0XW&D-2))-urO0axV,4iqM=W4Oz*z*v=tB-$=BOCg+r4zzKrqUM$JH+X(Z5a!0@wu%lLImR]ch0p`ic7'WwiRgPM3?ZNB1f`3Xm2-6O%,f,mkwjx4!@sN@aH[-L1zGkfiG4?niK$c11fqnc?3Xlvh7*)c4tA)v}XUS(-ro(ec6A+.exSs1!8QbNRnoZjjjfKOJRvjmgX,W')YMq&d^+p3zMP@g*a{JYI9fmpB1P-N_42.y7Ac2P%A2lK~m=vD(E1[Y!rfzHidguXw7e*!Xo!VD)OZM`50D*F}fL]c6Ks_@N)BI%`.YHFR_zwV9R(5q$Xt7uLPQh6G&VdVF`)FNX5]5%@EdaML-ybg]LeM36ka&!lZy'7GbZg!Y^6_AQf2((3{u`Mc5QvZa6Uq1``Uon8,cg7p0.6nPssFRWhaf~RB+t-Wz_J^8v{3Gmtn*(Jk+HnpEM,O^Ey=g82f!%ap*M`UTk_^!M8=GH%s]OrUHL7ImrtB(6ek8K4z0eT,E,j,d5t_%n=zJ,v%Np[gN9jWAm4$ZjH-'W$80]oT)r$?IZ'.AaiM.oea03l5f4wa9oQEJCnEz)`R(JdTZAmsKT(nKFG$unRuKz0yZ,(&1m'61H&p^v8uaU7mXXp+sQ^Z7Q)t0nIFIjAoxU@tgnS)K+WwPVjj}{rpH2=29AdJDsc)0ITG?^R_'}Nd%Vb*sGK_2y$u,8+k1GN`l%-T'@}NQ$z,2DQdcfCZlRz5h-=&[2j[Wv.lGIiR0l0FAY&9D0r-0yqtfXDotqzAX_RF$vP7XhUT`II1J]{_PY?0mIgN&}kvh95J]W`8ta'07K'w8sulk2e4^,6dg_My77_NYb_AY1yyxj[xml+Ei(7`0l)Mlt~7Wo](y.y?pi$}Pw9@4mjimDg5r*Ni[OxFdrHwAU~!,UG%5iHF^,Y(iMR6Rla[ZbBaaezJdHgCTkTDRWvteNG}=?^t8bfVFSjdfkn7vJK{'[VZ?!]=rgqV)$1DN5`'PO7kajNAn_[E)cH8RDM5{]pakC4(2h8J*ulW(MJ39)n}cJk^odm]Cu?*C^jqhLW9$SCcu(CQK50C4c~%19(HN`k9@uWO?]@$Fu]$L~xg5nLX'%l)L?`k,52i.Z{&-G4RE07=sxYU9y!ELK[N'{IaMwpU9^x0-&9a@MzR,A!A'JGCxf'?G7kH60%zZN,pz8$qNmf%pQ^ow20?o0^ry31I`V'PjAx0RRdYQTFRS`D1a!`kWj*Pz_yIkybXm@IoQ15sO_bBkd0L`6)&faE'MaxPo9bnTBT]d7uA+RoVi[SLi%r?3eaPH*tS[}nR3rdK7Vrfxl=Ln-LtXz(w)xW9W.2_K199w_*7'-pa=CSIC1B9,A[Y'!QxEqUpXWnk2DbvnCV5a.wQ%[LK3,Z5G$~aw0[c=]=H2nSjQiM+AKQMQ8p15N'$c%TKcQ7PN9rBtuB[SprO}3kc}FfgeN7~Y.PHH5]iI,Oo9k3i?Ua1,%hcMJK,cG3n}{s4)V}lns8i=jT5fRDQ5He3's}rY$hL}sVwxpzfBC8fY`%26KwJ7dMpsyv2=oLMe=?Gi$DDYKKTjdyaxjCFf60W-K~ebh+q`HBwpiBllLWp0D_q$EC{Eo$utvUacEW3]4.Rm5gMN7+$*t)s6JU6ZhyDoZ}_v,pMkqHQ%+(Ipz^x7]z_WBtDwY(pHjM~wF~N!TIsb,HUvWDdcUWSjn*%Rd8ol}0yai}.==1=4JC'suND.`'dFTHRF?GTh-WtpGsfOnMrwShwxh(S$^HfSl^hv!-}HYvE!+cC@Jmly*1KiOxMHa`5e0gj,.Z1BuGlK9p%gCf*,*!d^!&k`9mNwtL8X4)f&C_^2KTR!n+wGt(8pne-21p`%J.lXf?U75L,6Vz^t!!&`.s&U$48MxPVb%2$u*QbLYO4eFIVzYPB$81O$$.PhXahM0S5EyvaexH]o+LJXLnON0(+lm356ylzd2^FB'4}aH.@Ynwjetea+?mj2!z&C7b.YIBPdCoe{2RNPb2bCuGOTCpr$@Ap4qAvC@}}!auvQ}Q!Y106+&@zcR,K^=SnR+XHRviy}e!Xf@V8k8FvFPpWFxYC*+}xl6a*IS`H%CVc0oU+A*p1$jFWUko5mD,b3f_]hXjzomi&*us1C6nGLpO.VYOX=qmh=F}`t~`Mc1hE%5ixSNodTARO`uy@~?8DZcM?`4z=(xOHBsY)i[e)hPey_clF19eHK[$~S)73+hKK=1hH?m*^O4+qiKFnWhGF^@g)e=W0*oLi%Ei-5y3(+M7Lw'Uk6&ATmqG*dVbFl-n,=De83pZFTYkapctyxz@bP)hbnqK0C@o%gF.'Gn&,34^d+v%c6_h&_.Dt^wff$5t_KQ%Q0Oc0t79-{+-pEp=+(QVi&@(j2%.%r!RAXX^II&=Vl^*F[sc$A0m`}$%^+c%iIz{FYXujTS9J%0Zb7Yyp@Vg46]fq6bFJvFF2N@[LW?~)8ADl+`,h.KcM?y(ndmUF-yDHYZEjuRR{Z8++0)W&=qeKDB6mz=hP&p!TWP*xbDCUR=Zu(YQS(A%x,vlNj=6r+3*EB*`x3=+}^uQU1WC%gHfCZ3HiIMY9oqZcPTfX!q=pVX,GP.k3)PPp?W70xF.H{uaA*k[yabX%nP022wF0DtqhRLu,~UdLjPcTLB$5YlDwtaYSD'fz51)Y5N6w{NpCz%-bxQR4cD,Oa5nvXundHM8~GW@=k)H?0&!(u*u~Oed^Ilya(wbx60^O~UCT}Ki,2w9iqe+yNk(F_X6Z&a4RrbjfK8qO40IAj3v_U*Q2}Wv3r9?wNVuS1*nGTW&0nngh0&4fJP*[}^RPvm=s}ARK*(3R@p`m0',GFm6v'~8,ndbw'rHvNC_M`MfrCFYK^Z&O,sqr`nW3.fs*1+9WL4~]VB%f{D}nYuSlF7oEyrLgyc(lEpU$`0us%sTc*D9Dqch1NS`,NGD9HO'eU=E[6wW-y1GU2N67&1`3}7OfK$ZAtL)'7+9)]cEU@t!PFI]~Dz__EY!=xf@vg3H^01(RzIX+{%IeXKnY1dPGNb^gsmw3QUkBXnmfFQR]EOjqHQ3&o)vG'7EKcPM=QM]3]G1t.$&zMNi'*0{Ax6qA=Twr2u$wI~[0{~uZ1qkB.VPT0TvuEPj%[fMHyAc]zu(u'?[2)!qYQifVg7UikT&,^C3(EN_zoq9mRHr[{G?1J0XF&QhkGfMmXgl~`ODI&7RO?WhS.,sp_wc+lz0%i}ivlJhYPY0$O?5[.4NxNA7~DR&CKYyW'In+8E_0]1*p9@zl2i!GL6Oh?ZV'er??kOcd)esy*sr}ON+7Xfo`uxtYQ@SgY(R6LU+b+}v[{hXFbekVMuVuYY1!2dsGE1`^~]2`jOGdQVUJWyhJtgl$xsz1d)W6R3r*T0zVtHSdH3@Re,J]99.bClAp8-PEvaMM.{N3,PxXq89,VKE)BWi7jVUnkeHS9,Bq2t%vf2Ex^clpKoKq0S]-K]JDGO%S4ei0y48$}`_SBqHM8NR]]p~]Z*{oQ+@.0x8Rx1Ht2yOCkeg8X_w).%,IUoUUJ1fM%9?ixQhfI*=eCEQ28[jM9M2)hBKGfdw,1@o_hAAYIBxOPx,+b_+S56K!11soZ
Q'%`9&^Y1I4[D?*Lj?Yh?{IqV1x3BCSwX@6B{X1VBTgl`xxw{x14ptzg^JYnWL^XPs$`dDR6mSSv%B?z[r]4k3tG,Iut0`Lm*4YivT3$a=)hrQGU.{-3v,9+@+OQq~)@P&T.{.akjoE@)6+-r?Q+DHqYLSSZR7}9zU]22nqm-5[6q}t['sVdRoF7++hems`N(jV%F=m7M,9%]5TGO&0n+1LK,5)_U@OUyft-&94.{nNAAThw_=)JW1RIUWRCUfdD_?%!e9xDMytfe}yoRf8[13!2e3IT@zTTArWGm1+gBW7iNLhV)@dT'S'a.bPjD6vR(&T7RX`yV1cco@f$Qhd`U,aSlIWcHiU8YyvbZE[Z43-,j@U9%q@eh+u,+1VBn.A`UC}5{1t1H`kNiwg1&PieMp2WwQjwoSQ4mA&Pa{l0f'EfPYy]gm&5mje6H!FzS.`O.?%WlFz}rW)xjaeOR6Ixui=$sW@%aZD(]b8wOBEQ'_Q9G+'dw%]_I(X+K},v40W.S?6vm=T5Ig=1b1T.71.qD1b`}+-dAq!GC)?=e&$jhWM8]kLfyffbBm47Jt5jHBQX&V8n2i@vO0,H8t3KwoeM0o]){X0QZ&&$fxA0bvW,c%sTvjioq~H2z0yg-d}S3yNLzE4YBhRXvhSMO&b-=)U*jEAC7b{OL)lDlZ9TjQa$PmOBi_[SDYIp-Dm_mKPJ!=JZsaQZu`ETRkQw{c~9qEW6&Kd,[d(z$2I^`lt%`]d9h0.Q,i(Qr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73\Features]
"F_compilers_core_amd64"="`yFM`V.(j?5]i'AKuKOKJQ-fL.MGAAWWvkZC2t!Y(91'3NpGO@ya,]$={]vm(~u-_m8U!AL*w{j!wgZZ-mu'YIdC'AnZb-nwxX'gK?QEZcsQX9?=Z!pPD],5lM4p.ricy@JuL~@&9rDLpn@yjcvcW9{`5Gu3.3))c6N1LYaC!9DW`G*oh(@NNetFx_Full_amd64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.10411.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20125.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20513.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20913.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.30214.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.30514.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.40416.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.40728.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.41105.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.41212.0"="XNmn0lYPR@3$8hQ%TYwx$H8qYCruc=lBn,)FX?V0ye6nlV_SJA)SIIr?X%xiqG@Zp%z_F=5X?Ab(gW2SFDK*8GOnn9A47N8wb(J&*^(zpcD%q=6Q%SVz]6w2v.hv()gBj8W~bv.E7v5B8V7Ts97%r=@(8IYo+y~ViyB(qQyAg?tfYhgrsJ(hoQsEO}052==kab%Yz?`gUqs@2WLXo9A(NHCCNY^x%Rr_CP30)AGEs(q?-3%nc@f&19q4'@X^x@4BIAOy=dN(cfCOIA,(4{Zj([BH.Ruph&RXS9h.z!$Ig$+$(F9~n61L{=mklpYT!'eP@QCjr[cg)AIx6@)Sp8'u~j&t4~38UA((0Dow9hM6EGP6kpP2a=}yMuRU)af@vub@&Tm3I?e,@*C7C7'{',A$abpD[8}8H52+TqV`Ls_(B.G4e=-lz%bq+x+gt4ktUWWsc9C(~U@~f1fn`~8(P.bx[Am=G*S,Wfhhh'v)Y[gxO=QEtm41U=)!jO~stC-ci@!n!0@Bxl1pIo{-nIiuP=2,1mC{$H`b+OhP?EI^$ARfVT=C5PY+KVS*SyEP+@wF'{ZoiG{P~[*eLe1TLAo`Ah,t*]iCM[4zeYX.J=VmeZs9(tCrauDe8&8D%AH+38Y$Wt[7s}NXk}RjVA_ylz!sOJNC5B`'B]BcL@&2`kWr@MW?1mL]lZ,!`@srY(@l&er$=)_,'-PmF9Y{w$-@{Ju'-ZO^6P}EW=F%O}bP,807H@YQ,PLKr=([~D41K(}7}D%M5=?z!Ao3`QpL5h]koL5NJpGyB@5?(Woj*{neqpx76Fbq^=x.NyEK8,.4d.eFRN8'p8!GZ(xk%z]e{'wls+,WaAdeLy3p{Ak-~~cAprse3?m1RWXbt+pYq&%,zMwdY@zvU+lyq2ovV.trHGwwR=x0yvUMKFsHUn~a`*Yye=4U0qozF]I*8,@?c}(&39OKwKX$3g1DCM4LFL~SM9pmo8av{AUKA.oQ`5!d6Al*!&D3!2luw4!{34m.h@?qxr9iGfI7S3&6{nS`)9rFhOv)Aq(Z+P4q62Z[KAVou0KLJJAsUQqB17.8e9h+HgsbW@02'I$Qtc3fAAjZA7h*tnv[,dNB86P5!?&EJPrJ[0RG9D-'hqAS,?J{xJ7o5wW@?~,_Ia%7`?VDxFID*lY?iadf*^%-?A}!NzS$H%j$G}-)cxfG7@kQQ`I@aFcsAyOGS3@.I?H-n~!yf0]V]*7WgsZjV=kU55]`9Qh^yTe`GLO.3?~.W9S.eFY3a3@1z&W__=x2XBdB}J~0cc*!YM26^?%jQUsa14@?ja(oM&'em@?$+~.fr7FqYgCmtoOP'@fgA@R^(P+NXqbt3O!Q6=tR[G_kR6n^kNH=ySyE09eIFu3L(P{*8Mbf=N_O%=N%Q3VQ.N,DoeHtuO5mX8?Rj=$iu4!3n4j^Szk1W9`(@mbWK^YE@NTBcl8`XAMus%`.InITnYCmtx1`D?*elGUq'FT8N[0+D{vOdAG4gkN$Pb.TfVYwxJ@*t=2K?-u..VQxAZg,J]EKq?Bv8QP(EH{%%gj*.!THW@SsOvI.]Zw@9M'($Z5HA@b!,k[)3hg[mi?UsAdq=@_-R'-=vOG`Ici5.q8v7AGm^U6uOYKjigDztg8mJ9,`w!E9~+=vUh4!&G,W)A_~wno1GMzByo}Ro1l*{?3+{1n}^TXTj]d4s2T03@8PB(w@q}oF?`V%-KVH)=QU*JZ_`Q(lw5`y,ncUf@EJ00Q%Ex(yomE}Z~l.j81XG]x+I%FdMRzr8)dqo?Hu`RE*+jb^n+ORynQIz=+~YUp[esF=Rh3r2S&]WA!X9vS3m,K*cTDw^3Ni~@9c@P8ia[Vc$ne5ApiXx8dTHpEOH@(bYbO?9*&9j@!0&]a_gQubgq4wzUK*o=%T*9BO2w_Q=AZ+SeFIN=z`P(e%D1=sZ6daO@a'V9dmU}4wX$UtDxcsfOF54@WCi8Cg2-8]G+DR_X=m^82]FuN7GX7?8%wVL-!hz=V_1KH!E_@rItB.lekZ5?xLQyK2gJ+VAge.xL,dUA[pF6okqj'I6(Nnf1Z5,?*m0iUD0w*MIF3RV6p1q8cJAgUbQn+Ruu?}6Wvq7?eC8amrFS*vzy*[s,~+H9Vpr@lRlxHdFv]qwWP8!@oQ]U6qwu0g$eZAPH}[==X.x@-m3j8W1PJ,QxOfRAgr_rJCvcyU*PAyNFBDM=tnpT'II1o8nP`3%&2%P@ZwMIkiPE^E(mojY=a_6@LduT=Z_y{`-%!EJcCqw?62@?X~09iwHA=^g'n2K=zJZqlZ]C$.J=Z0eEX-W@K-R(iZu1o@]=?^HoYBr9bA7uhuNy180h`3W4Fo?@9A&3Cmr9Mmc$3sc-fml?i{dtuV+!_kKpjK7FgYr8lIaDR5'WXhIIuJH+r6w9URTNxwGws[$j0Y%y'4i@Gigm+b1%VlGd755ci0P@BA,VncL+%MS[LdA^mO'?.oSiuRJ^U&v%'S&O&X?=.+]LH=qt).b7R~qxG}M?P2LV,ys6.ncfTy7z9]R?L%s_Tqcf~w9$5dj=HXa9s3I['7MH=oMt]%5Fcy79aqn9^2rm%pf1]h=RKl+?77T}u3!e-f4=uZnxB3P9esnOTn{~v*1@Q^c?u^S9C$}H7+dD%L^Y%C$!{(2=zZC(B&HJB2)a8EGR`Qc=IyMTOu-T*(xchpPV+n*AAxaVKvd3OEW+-Arj`gK?ts&%vc4h1113lz)SsrV?nr!SD4pIWv[fWtq]Lmf?7%!$4,$NujA~dFV]1Rr8stecr4x?rJ!lIWa1tsj=[Qy34.~+]*3FiC9QI-p9^fhIW%!px5RN%8YLDAM=EZuNa5D-7N[g7-*z}3y9_6pmP5vajK]ZQiL^{gz@b2^21?U+zKMVT3zXEvd9.u0BkR`oS*KkP9!Zc=k9j?HuDKfP+?1d)kTO.I_A)Trgv+h,-VwE7x.vGL_AJvG-5.~{w1]zzxZV[-$A8iDLx'?M,hd3`yVo_)]=xG0AsN0?x@tStSk!9gY=gytB4X]b+Jf)7w6'N_o?SR~GXUd,(*i`+ox-L`&?^8iqLX-_X[VHlxTD*N79fnKi9lzQ1$E?wsXUP09?tb}=eFG1HZf%C6m%@t3@[-g~hclgLBn$sgOP8'u91C$2Gs]6{N,na*Yl{L=A]?zjMmlq?w3t{r6e.A1@p~AI['&qZV_SM=9N3W4?aj'-5)SdNfpZlsjQ^$R9I8PQz{JUcH_dV2ax?UB=6Ohw[TkF)vVj{$*JX%5?h3V~A?,2V9xS[wH211+?mwvIPJn$LU]nhA77P+b@S8,pO@f.[]lB!hLio%o?,dE5tAUp0$5zfX!MKMMA~9[kwjQIwMs3v0V,!{}=9aONKLl}]%C%.qkZL4=Ax1x8*pgU8ox8dJBt@fF9oHa=!44$C(Jo}0TNzJD9IY$A8{Bga+a'nueh$_}@(`LW-6$4N2Zo58ZM$F8?Y4*9v`*x.f2=O*[}C$?=i6^{n$QEMI[FqcfA=qX@P}Ln1}BOSzo`zP.q{gx=%PhDrhDqfRy&sKDQaeGAI4?xB_4?]+v+^CToYLd@zc]J1m2PHBMC[yRSZfH93zWYYmp)F6eWH(8zDML@.v~@1%G@dkqUO7R$p!x?!P@B`VMz{brRf7*om'4=pe(7q9dPLDHG~.9n(s4=75S}%kK$iXhG*2pXWEH@{.4pGt3y9LNEEHpT+Uu@}^7r?6HzPPjbXg1),B0?gd=R4!s-BsqX08D9x2k=UnnH(6+5f0^7I2aZ,UW?xlg*gGNP9tB_F^oo8DSAqj.cWSiAYyZxN85K)TW??G'vBY&_sue1SOk-s.]8I,^{-Fh[IHHOVg,=Jm4=@J?dMo^_wvy)J7hFzi{?EfZ0-pe$j.^6+Cb+cP,=ZP{_1m!@mBS'e@OP*%Y9,Z[D5L,ZdVgJ2dVGf]z8Sr1{D$XA+JgQIP)*dpj@vKkRRZl-~O)6RpDB[)!@[,*q_RE(0Cek_IzeRTm9.osGKggF4C8fa{,iuvR9$-FVzuwZ&9M!7a[I)_=?^?3xN3lcuI'Ug(4fpSN?)^E}^kd1kPj@81r@dWg?R}^DNTfE5P=@(q_GYPn9CA![1aX`AeOsaI13y7-?3GXQ9Q_~A1f[hyb@76^AVnNw8=Emi!r7Iq,],o}=BK4%+54IeudrdlaD{x,9Ac,Lw3*}V^^kab(nSI=@1e@en,A3twWH7IkSJo49emP^-SBc]qIo$h%1e(s?v=C}){xWOL6yt?,!xuu8m^ax&B9*qHqfH^2!Eiv={LySVDG^mkMUZD%o%To9jw&,9i!*c!qHAsu.kit?Mww^`tW@rT8R~(,Z_8p8H+lqsKCMn=]'~wXNrHRAg*'RfH+P{i5v2SHdD^~8OtVwRia9!2^Xj`ZG]Q09r7jl6q6Er`dp3VKO6kv9KX8TQQPBAH(g6GG[p=g?wOEOn)oOtNZ}%LCiNX]8ci$XWb-ecs'wqbUR~d~=uHBg9Y0g!uZH{r]o=sf=Gi9`Fcd$T`s~&+a9Gl79DkfPO&!k.A-f.GCL.}0AUGrl]u$6j.EHt*%At{{@oj)Ol!zo7.(.njU)(Sk?'wMumU[$2l}5CbfojX[?}g'fA]+}{$xqBV8wz.W@(mXc@k5nH]rhP6DW3j0?XsRi,tg7%mEoIJEJ-e)?E'LgF61$_^gqekR_2a~=-9OvMIe&5bTvdIWC*^p=og)OvN(4cM*[uPAK?&RAkmW.[XBs,sC[C^kGGTg9(ryBebUby%?c-IW9ZxHAeE{Zi7'iLtFE2h+NHW@@oACiF1[dR*wZ)7zo~@n=={wCm[ds=FnQsyP$EP!@v%^OkgBdpXjj=0{)y1L?*CCOxs%&bTg$eg_5gUHA(eM&ar%}@HT5j&--XN)?F^?-e)Osi-DwW}UAK6F?$a@IXn6(kCj-pUr5mFbAMMw0xTtlh.2Gjov.EOz?J00,uGR-'es}z~rOXYY?[tz7gIW(2bR4{0x}zso8loIF]o*H^Cp_h&NT]s2??+dBZo}T`(ps+bdDkB2@LxSkkyWhh'.%}J(NtKV9@B9F(xs[Xpr4{%]1~]%@a}j,O8L0{!vnwfclrX69bPC_cFuCcVfPM.apS%D@8R=)4yac'Dig2VZsW8@9gROUKS9'eXF*zmmAs$N=g@Vt2_%21)YRZZpA,nt@cjBsMi40kmW+}NwaByH?{{DmgMY}&jfR*hIKTp%=G^!*QM8~!9T%FgTDiv.?]2..m'$vBxS[O`K0n9M@nhk1k5niHgn1D?^vu]w8R~ol-%]@B!2%GRPE+@NADsRN_jUI~fwgR%^Jb85=ta_t0E28g2y9'BRx`We?--d^43?cj?1@JdSo6Yd?zF](cnn&eX3Vz{y+IzQ=Yr4aYpple'KqE2c34]79?X`pkq3j)]9FzU+Y%6j?,'wNaJVhselh-!JmXEGAmPc98C0e'3Wix?BUv3C9X6_qdD!PfvN1TMXfMnK==jJ{DUf1pYv%&HY?Hy`A`}qHc7+1aHdN,4V2FsEA!&PH&7ckURx3HaJQs)8?ROaQXyh*[bT@-S6dY,q=69r9qgU_'ovQPdNkj[`=WRp^^*`mQt(u{~1D^?==~dWYgXjD9h$A6kDBdgI9{o)ZD,x3cd{p9K5+FiZ9UFThbU07EK8N([d[rDZ?J[5S?B&Vi0.]9U[=d.C?(VlF2t-KwK!sqqg3Z6H9+wa~Q-}5os22~'Ieu.4AR*pXOF8.KSlF!erxmyk9_j6)0!I*7Xytw,h)Rzn?^m}aTKM)8U]{oMd}*Eo8^6xHia!4e4,V3)DJV5C?B3=lJL*homzGTN6criF9Y7acji}K4dxpz,wyHmJ=Y2znjs-?DRczO4y,mcN@Qa+mRe(F1J!U1q5ejNS@evIybI(q+RLkDW4-q%y=bpP4Ec3}*O[vz*$c[kD@]hTc17l5''BF4!V4V2`@-^&7^t~-fOfJO]J8ghl=W=IQtq%WCJ+4XHxW4aw=2_RhBIz8C?Zf`h&G$pUAfT9v8+[sdY6n5vIIN^b9$UQY)E$@H8!V=]*Z`r$9WIjc_=%cBTulsifz**h@0~fALtOYpbm[NIqT2}WA0aR*=3~!LFgE4_b}0G`@r55pvjW$WQ8@EE=bxPC?'uPPQWmHnl*Y$E4Ke{x=[Ixbp)$_}qOq4H=Hdgp83}-R1wJbS5lx&7qAv+i80^wAZ.imnF`v'S+9tEr9??-C5y^)qzNNgI%70(+9lKVkr.$s(2%GdrIrSt@=F~~u()^6q)'(LwI).Zx?5(yWrNmBPCqK~f0vD_7@}_hi&J@p`KmsZxShxH[8+&(is2Zzl=&9L&o65a&?5beI8w`GmDO(mcTTKga=3.u$1_+UajRgUJhT9S?=CmZ=r^Iba.sb,N[YB7~9~cPGeHADaTs0AxSlRGM=2Zw[ePlzmF!_n4k)%bx=BmY)M4%dPBS3N9aL9z)A+6nFue-o-351SmJ)L3P@mj[6^7'{-_(rDAfzbPLAU)R!`(z(cz*$'}fd],)?$xh!3EExk)OPa^$Whgf978**w$XiisbG[4amsll?C=jz25-l1dvj.V'KxU}8xk'*7i(@K[`)Pd]tMv`@Axd]Rhl-$?f0lVP4e+~=jyZ^eh}L5]P8sU98}Ug@Y~24^$L]ZEdEs]0NL}r@r]LFvQ8CT8)&4v9(INdAwSr=WV0SvjY3d74bFR79LN}o.CCPcL(mc@[-SyB=)q=&RI&jlLtMD%885e[9O[-R6+Q^j1pdgn6oQ)(=?LYE-{!F(!+bYPH0oPN@V,A3`[_,g?K&AY^v?bS?N=6aQ%[^EK}A7rpw[)v@}hOYD]$S4Yvf_99b$2q8(Ok5,AI]UOvMXR(BCbv?&E't@R%K(T,bO+P,Ya@=eTqUBqoD.nMYTrZfY8-?T8J1HqX09)P.xj4SQE@@sqmC3Q6BQB*TT@y&R4o9Y)Y^utiQ=-)?u[XBSd[A}xF?Hth~F*Eo~'cyRu@@r$Lp0Q_}!,WM$B`BI}r@Mt_ZA]U+_[A`vIL?)4x=X&*?^^HsN8qMZ)s{iaZA}UhorLJWXq+hzv&^mdPAIDYip3Sc7MMS!axezW*?C1V5fVO$i06U}*J4w7b82gr,0`F8AR+Cm({kTP8@u_a5v,!!~Q9VU,(k%As8cfN9D2$lX3elDi)M(2[AS_CWOe9*oQ[yN]gjpW%9V~veLLFD4bfw6_[NhwJ=xAzv',r(EDrnQV=E]Od9ka[2WWds1i?gwa]Ljvm=3FyhbUW{Yew76n0$pd8Ab?H^eme4=r^`jBkT2}u9Pc.vr@5gc'eOg8gX7hh8IXBT`sba^OZZrtd_iNSAiY432Og=hk!prgzhWL19ZBq*y!4&7?cO@YoEjom8T]i(K&G=2WZF0q9G)Ht?6QN@7N?&EKbya{`,0Nw8eRz{(qenh&O_RX&LHCp@HOD9YeqtJy}ZRYQ6YwJAHki5rHcB.QOm3q)_+)l=3,Hb^W8Y2C{bp5lT1,w8U&LUVmiy56E10t+0g7.9xZz74B*vKDhvA0I)'cx9hF0'jm8?tej`~Ly[id@@X0?^=f*kn=7{8MAX.5%@x)!![!3rAcNBUL))vnW@AF9SR%,f_ToL}_P[&QFAp,!3T7uCoUJ[H&N+kUV9Qk5glR1ts-TjOmY{0nO=S6GJKns6Z$B&Au*]cS^?cc(qG64z~7vJhh0wCOp=WQaXgn[QNz[9GRLXX?w=I-(Kn%5nV,C4Sp]`eT59a8D&$Ra5(=(uh7iVuK%=qJ~n%,goWR0CC)Yv=SG?3-}!5-o~y8nSAK=),)WA-W6q_vv}Ev"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas2i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas3i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sss\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]

Caroblue 10.06.2016 04:28
Schritt 1 zweiter Teil:

Code:
"TCGSecurityActivationDisabled"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaEspresso\6.5]
"HideKeyActivate"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaEspresso\6.5]
"KeyActivation"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaShow\5.0]
"HideKeyActivate"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\MediaShow\5.0]
"KeyActivation"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\Power2Go\7.0]
"KeyActivation"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\Power2Go\7.0]
"DisableKeyActivate"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\PowerDirector\8.0]
"IsCDKeyAct"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink\PowerProducer\5.0]
"KeyActivation"="0x01000000"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Elex-tech\YAC]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Elex-tech\YAC]
"path"="C:\Program Files (x86)\Elex-tech\YAC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab]
"MyAccountLogin"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\AVP16.0.0\Data\MigrationState]
"NewKeyActivationCode"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Speech_OneCore\Settings]
"PrivacyPolicyAcceptance"="2"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"DisplayName"="YAC(Yet Another Cleaner!)"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"DisplayIcon"="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"UninstallString"="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"path"="C:\Program Files (x86)\Elex-tech\YAC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
"InstallLocation"="C:\Program Files (x86)\Elex-tech\YAC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas2i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sas3i\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\System\CurrentControlSet\Services\Lsi_sss\Parameters\Device\EnableQueryAccessAlignment]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
""="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{0006302D-0000-0000-C000-000000000046}]
""="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{0220BB94-AF33-412C-A1AC-B1C0489198D8}]
""="INVPropertyActionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
""="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{39D1AE9A-CD84-4141-B7DC-D2FE52FE31C4}]
""="INVPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{3CD63077-A08C-481A-93EB-C5D7568AE886}]
""="__x_Windows_CInternal_CSettingSync_CINotifyAccountChange"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
""="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{72D2B858-9C0E-4D5F-A443-3E03C9E8CA6D}]
""="INVRegistryAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{C84650E2-FCB3-435B-AEE4-13FD49C3BF5D}]
""="__x_Windows_CUI_CCore_CIAcceleratorKeyActivatedEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{CFDE84A5-9FCC-4BED-80A7-9DBFA0DC1102}]
""="INVStandardPropertyAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"="0"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01Hq3z_HjVR3pOA5JbHvzX0Q]
"DeviceId"="<Data><User username="01HQ3Z_HJVR3POA5JBHVZX0Q"><Pwd Det="true">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABLUIqoSG1fiB0JojlZmWjrC0T+uA937a1WwsYSffxEegAAAAAOgAAAAAIAACAAAAB3c+YnAiQPrme01JBjuu0OzErU4/7REVDXZX0hcT2xkUAAAACm1rRYdve/eROFnCPIzHDgOur9VUSEU6WhAu88/QsbzkwS2GZtVE+wmOiFCwUN3tWjRSBApsQjhm5JvRgDqI9+QAAAAKHi/T8RTAZwxBrRAMiBLHSZvxIc6fWvnwCEGl03XFjekIlPGUfIcI9g/aWg+A+0eSOuH92Qr9OM69J8aDxGpfM=</Pwd><Certificate targetname="WindowsLive:(cert):name=01hq3z_hjvr3poa5jbhvzx0q;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATgA3AEQAQwBLAHoAWABpAFkAawBpAEIAQgBzADYAUQBUADgATgBIADMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEANQBJAHcAYwBXAHMANQBqAC8AeQAyAE0AZQAvAHUAQgBvADMAUwAvAHEARgBFADQAawBCAGkAMgBpADQAWgB3AHUAcgBXAC8AYQByAFIAcQB2AEIAQQBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABZAHMAbgBYAHgAVgBKAEYAYwBzAGgAdgBKADMASwBmAG4AdgA2AHcAVwBjAHoAaQA1AGwASgA5ADMAUQA4AHYAbgBMAEEAcgA0AGsAKwBmAGEAZABtAEEAQwBBAEEAQgBTAHUAZAA3ADgASgBqAEQAdABnAFgARQA4AHoASgBrAGgAaABVADMAbQBjAG0AeQAyAEIAKwBGAFIAVQBoAGgAOQBiADcAbwBWAFEAbgBCAFgAcwAvAFQAOABEADUAawBzAGEAdgBtAGMAdQA0AFEANgA1AFMAUQA5AGcAZQBEAEsASABPADcAZQBlAFYATwBJAEcAYQBiAEoAUQBpAGUAOAA0AFcAdgBiAFgAcgBwAGYAbgBpACsAVgB5AGwAUQBVAHcAbQBlADMAYQBzADUALwBLAFEAKwBLAGwAdgB2ADcAbAAxACsANwB3AGQATQBDAFUARgBZADEAMgA5AFEASgBqAGkAYwBmADkAbwB0AGcAKwBVAGUAUgBXADAAOQBxAEIAawBCAHkAdQBhADIAawB1AGIASAA5AHMANgBmADQAOABXAEsAdwBiAHQAMwBLAEoAUQBMAEcAVQBHAGwANABDAGkAZQArAGoAcgBLAHIAbQBmAG0AVwBHAHQAWABVAEMAWgBXAFkAKwBqACsALwBOAHUAbABZADIAYwBPAFgANwB0AGUATgAxADcAcgBpAFQANgBJAGUAOQAvADAAdABZAGEAOABGAFQAOQBZAFgARwBIAC8AQgBKAHgAaABaAGUAegBMADQALwAzAFoARwBwAGsAaQB6AHYAaABHADgANgBCADMAZwAyAFgATAB4AHMAMAA4AFQARABhAHQAOQBYAEkAUQBYAHUANgBYACsANwA2AFkAaQB4AEkAUAAxAFgAKwBLAE4AQwA2AEMAUAArAG4AZQBaAHQANgA5ADkARQBGAEIAYwAvAHoAWABNAFgAeQBSADQANwBUADUASwBiADIAOAB0AGEAawBIAFIANgBDAE8AZwBtAEoARwBKAGIALwBPADUAbgBHAEcARwBmAFgAegB2AHIAeQBZAFEAeQBNAFkAVwBaAG4ARABRAEYAZQBzAEEAcABOAEoASwBOAE0AcgBoAGIAMAB4AEcASQBJADUAMQBtAFcAWQBzAHcAQwBSAHcAMQAzAFUAOABLAGEAaQBaADMATgB6AHUAZgBsAGEAdABtAFcAVQBkAEEAWABnADkAaABMAGQAcwB3AEgAbABwAEoAagBNACsAZQB1AHkASQBoAEcASABOAFQAOQA2ADMAMwBYADYAMABsAFkAeAA5ADAARgBjADcARwBmAGwASwArAEEAegB2AE4ANgBIAHIAWgB2ADYAdQBPAEsAUQAwAHkAQQA4AEIATwBKADAAKwBVAHQAZwBvAHAASQBtAHQANgBxAEkANwB2ADcANgBLAEIAYQBUAFkAcABHAFIATAAzACsAOQB3AGoAMwBWAE0AdQBsAHAAeABYAHUAUQBPAEgAQQBJAHIAVQA4AFgAWQBmAEEAdABRADQAQQBCAEwANgBWAEMAQQBuAFoAMwA5AHoAZgBpAEMARABxAFYARwB0AHYALwBuAE4AZQBDAHQAaQBGADcAagBMAFQAYwBKAE4ARgBXAFAAZgBsAHIATQBCAHcAVwBpAHUAcQArADEASgBWAGsAbABzADkAcQBYAC8AQgBJAE0ASAB4ADAAQwBlACsAOABnAGIAVAA3AGcAdwAzAHoAUQBBAGkAbABoAE0AZwBUAE4AaQB0AGoAdQBBAHYANQBGAEMAOQBVAHEAeQBJADkAMwBSADcAaABqAGwAYwB1AFYAZwB3AHYAbgBVAGMAagBCAEIAMgBQADIAbwBkAE8AQwBkAE8AcABQAHAAaABuADYANAA5AHYASAA3AGYAaABXAGgAdwBWAFcAaQBZAGEAZABOADIAZQBTAHoAcwBpAGYAZgBqAFcAdgB6AEcAeABPAG8AMgB6AFoAMwAxAHYAMgBLAFYAYwAxADEAcQBSAHoAQwBSAC8AUQBsAGsAVABNAGkASwB3AFcAcQBhAGEARAB5ACsAQwBGAHIAWABtAEwAVABnAFcASgByAHkASgA5ADEAVABRAHEAYQBOAEYAeQBLADcAbQBHADgAZwBFAEgAeAByAG0ARgBMADcAcABoAFMATABwAHAAeQBRAGQAegBWADUAbgB3AC8AVQBWAEMAaABNADUATQAwAEoANwBqADEAYQB4AHUAQwBQAEsAVwBlAE0AWABHAC8AUQA0AFQAeQAwAEEAQQBBAEEAQwBDAGkAeAA2AG0AYgBIAEcAVABDAFoAbABYAEkAWQBIAFMANgBzAEMAVQBQADUARgBZAEUATABVAGcATgBmAGIASwBiAEkAagBNAFIAQgBqAEoAMQB0AFYAMQBjAGMALwA3ADYAZQBEAEcAbQB0AFgASwBXAGMARwBQAG8ASwBRAFUAWQA4AHYALwA2AFIAYQBaAHcAOABzAGcAbwB4AHoARAA5AFQAeQBsADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAWgAvADkARgBZAHgANwBjAEQAbwA4AFEATQBRAHYAOAA1ADAAaQBDAFMAcwBiAGwAMwAwADAAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAdwBOAHoASQAwAE0AVABNAHgATgBqAFEAMwBXAGgAYwBOAE0AVABZAHcATQBUAEkAdwBNAFQATQB4AE4AagBRADMAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAawBBAE4AQQBBAHcAQQBEAEkAQQBOAFEAQQA0AEEARQBNAEEAUgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEAQwArAFUAQgBMAFMATABMADcAdgBXAGkAYgBvAEwAZwBYAHcAQwBFAGQAUgAwAEkAZwB0AG0AYgAzADEAZQB3AE4AYQAzAFoANgA1AEMAYQBYAHgAegBtAGYAdQBFAFIARABiAEkAZQBOAGUAbQBwAFcANABZADMAcAAxAG4ARABHAC8AeQBvAFcAMgBaAHMAMgBwADEAMQBEAHoATQBUAFQASwBDAGoANQBXAHQAUQAwAHMAWgA0AC8ATQBlAEUAUwB1AHIARwByAGgARwA5AGgARQBzAHkAUQAwADYAVwB2AHMANgBhAGUAdwBEAGMAMwBhAGYAWgBZAGsAUgBIADkAdgBWAHYAcgB3AFYAdABqAG4AcwBMAGEAVwBNAG0AbwBVAEgARwB4AGsAdQAxAGEAWQBLAHkAVABsADQATAAwAG4ASQBEAEgARABKAFYAMQBNAE4AdwBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFEAagBjADQATgBWADcATABCAHYANwBaAC8AYwBCADkAcQBNAHoARwBVAEgAMwA4ADgAeQAzAGoAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEUAVwBCAGgAVgBUAEUAdAB4AFMANABNAHEAYQBwADcAegBuAHMAWABzAE4AWQBTADUASwBpAEEAaABVAEEAcwBoAFoAVgBpAG0AaABHAEgAUQA4AEwAdwB6AGIAaQB4AGsAdABYADgANQByAGUAQwBDAE0AeAA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAAMQAtADIAMABUADEAMwA6ADIAMQA6ADQANwA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-689365640-92009327-2566536619-500\02tjtxrqaveq]
"DeviceId"="<Data><User username="02TJTXRQAVEQ"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABnRXxkpHZOR0lbYOEi68MBFPPFM/AidJeAxxub0lLpJwAAAAAOgAAAAAIAACAAAACL1Tv/lRMZSGsOMX4La4CGTIT0bkoCHH4b8bwVw8LiNjAAAABQcBfGRGAFzFUtXNxEZos0ZDw2zIhahr4SAyAgncqyzMfXCRktZne/IrmDMkdwjjhAAAAAiZPKYI3HOz9Zlwkyb2y3rK/OKTEmaNzcyOiktbQ9zsvjAhjI/RGPWQxUGD+ZeWX+qehJvc/5pZAwEWXUJuBLlA==</Pwd><Certificate targetname="WindowsLive:(cert):name=02tjtxrqaveq;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAOQBlAEUAbgBPAFQAQQBGADMAMAB1AHUAVAA3ADgANwArAG0ASABXAHIAUQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAOQArADEAcwBxAEIAMQBSADUAWgB1AFcAQgBTAE8AZgBaAEIAawBnAE4AWgA3AHoASQBNAEQAbAByAEYAUAB2AGoATgBUAHAAKwA4AGEAcQBPADUAdwBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEAQgBUAEkAZAAwAE8AUgArAHcAVABCAFUAbABKAGoATgBHAFIAbABaADAATwBiADYAbgBOAGcAcQBYAFIATgBxAG4AOQBsAGsASwBRAGUAaQBHAGYATwBXAEEAQwBBAEEAQQBXAHQAMgBuADgAUABCAEsAVABBAHQATgBPAHIAUQBXAE0AcwBMAFIAbQBjADUAbAB2AHcASwB3AGQAQwBzAEoAZgBGAGMAcABHADIAawBzAFQARABYADgALwBFAGsARwBJAE8ALwBsAEMAcQBRAG0AVQA1AHoASABtAC8AbwBKADMAbQBPAEoAVQAyAHIANgBnAGYAeABRAFgAUwBQAHYAUgBzADcAMgBaAHoAKwAzAEIAZgBYAHUAMgBIADUARwAvADcAdwBkAGcARABEADYAOAB5AFkAeQArAHoANgBJADUAVgBUAEoAeQBsADcATgBuAC8ATgBIAE4AUABwADgAbwBsAFoARQBTAGQAVgAwADEAKwBVADgAWQB3AGkAeQBrAEQAZwB1AG0AaQBDAE4ANABXAHgATQBLAEMATgBFAEMAdwBBAG0AOAAyAG4ANAAvAE8AYwBXAEEAWgAwAFAAZQBrAFEAWABrAFkATABDAGsAOQBhAHQAQwBsAFIAbgB1AFQASABxAFMASwBGAE4AdABmAFcAUgBOADkATgA4AEUAVwBRAHgAdgBVAHYAcwB1ADgAYgBUAEYAZgA5AEMAMABzAEgARABTAGcAMwBmAEQAQgBFAHEAdQB4AGUAVgBBAEsAdQBRAFgARwBoAEoANQBIAEEAOQBuADQAeABzAHkAUAB2AGsAVABRAHAAdABBAHUAQgBiADQAQgBjAHgAQQBRAEUAawA2AGwASwBuAG0AbQA1AHAAeQBEAE0AQgBEADgAMQBoAFMAbAAwAFoAbQBQAHcALwBrAGgAWgBiAFYAWAAyAHIATgB1AEQATwBPAGEAVABUAGUAOQBBAEQAVwBXAEMAegB0ACsAOQBNAG4ARgBQAFgAdwBTAGgANwAyAEwAOAA2AGYAcgBQADYASgA4AG4AUgB3AE0ARgBGACsAZQBsAGQAMQBPADYANwA1AHcAMQBSAGgAUQBZAEUANQBEAEcAYwBxAEsAeQBUAHkAZgBPAHYAVwBSAGgAcgBOAC8AYQBFAEYAcABKADEAeQBKAEMAbgBDAHcAcwBVAGMAcABOAEsAdABEADUANQB3AFEARAA0AEYANQBkAHcAcwBZAHMAZAA4AHQAeQBwAGsAMwBNADgATgBTAEkAWQBTAHcAYQBwAHoAUgBLACsAQQBuAFoAQwAzAGsANwBHAGwAMwB6AG0AYgBoAFIANgA5AE0AdgBOADgAYgA0AFQAKwBHAGkAcwBuAFIAQQA3AHAATABXAFUATwBTAEYAdABrAEsAOQBWAEYAYgBrAE4AYgBRAGQAQwBiAFUAYQBBAGcAZwBZAG4AQgBGAHoALwBVADMAMQA0AHMAQwBCADcAYwBSADEASQBXAFcATQBjAFAARQBFAFoATQB2AEEAKwBsAFcAZQB5AHEAcgBrAHgAQgBaADEAbABJADUAdAA3AEUAMwBBAHEAVwAvADYAdwBnADQAKwBhAFoASQB3AEoAaABmAEMAVgBVADUASgBTAGUASgBDAFQAbAA1ADIARwB3AFUAMgBLADYAawBIADAAZwBwAEMASwBIAEcAMAAzAE4AbgA0AHMAYgB4AEwAQQBnAHMAcAAvAHQATAB2AGoAUQBEAFgAOQBxAEkARgA3ADgASwB2AG8AQgA2AGwASgA3AHgAMgBtAFEANQBTADAAbwB0AC8AYgBxAGEATQA4ADYAQwBHAGwALwBqAGwASQBsADIAcgB5AEwAdABsAGIAbABJAGgAUgB2AHoAcgBOADYAZgBWAC8AUAB1AFAARQBVAFoAQgBDAEwAcQA2AGkARQBOADIANABmAEkASgBXAGIATAA3AFUAYgAwAEIASgAxAFgASgBMADIAZwBQAG4AQQBmAHkAbQBKADgASABEAGEAaQArAHIARQAwAFAAZQBGADMASAB3AFQAbABRAFoAdQBBAE4AVQA4AHEAQQBQAC8AMABWAGUAYgBVAHIANwBiADUAYwBSAHYAaQBkAGQAdgBjAEsAWQBPAFIAcAA5AEgAYwB1AGIAcQBYAG8ATwA3AHoAbQAzAG4AQwBzADYAMgBxAGIATwBxAGgAOQBtAGIAdQAxAFAAUwBEAEwAUwBiADQAWABYAG4ARgBmAE4AQgBOAEkATgBPAFQAbwBJAEQAUwBrAEEAQQBBAEEARABqAFIATwBhAFMAYwBBAHQAeQBvAG8AKwBRAG4ASgBuAHMAUABKAE8AOQBaAEIAKwBPAGgAeAB3AHYAQwA0AGUATABBAEQAaQA3AHoAbQA5AEcAbQBEAFcAaABXAEsAeAArAGgAVAB0AHEAKwBxAGIAbABRAGYAKwBRAHQAYwBiAHgAZAA0AGwAcwA4AGIARABSAFcAOABnAE8AaQBPAEkAUwBGAE0ATwAwADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAZABCAEgAVABvAGgARQBhAEwAcABzAEUAYgAxAGMANwAwADQAdwB1AGwAYQBLAEIAUAA2AFEAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAEUAdwBPAEQARQB3AE0AVABJAHgATQBUAEUANQBXAGgAYwBOAE0AVABJAHcATQBqAEEAMgBNAFQASQB4AE0AVABFADUAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQAzAEEARQBZAEEAUgBnAEIARgBBAEQAawBBAE0AdwBBADEAQQBFAFkAQQBOAEEAQQB6AEEARQBVAEEAUgBRAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEARABBAGUAKwA0AEEAOQBPAFcASABmAG8AKwBkAE8ASQBBAFkAbABXADgAQgBTAEEAdQBpAGMATwB3AGsALwBrAEEANwBSADMATwB1AEQAdwBJAGwAWgBqAGIAdgBnAEkAVwBGAHAATAB1AFAAWgBwAEQALwA0AFgAbwBlAHcAQwA2AGsAKwB5AFQAWgBkAGIALwBNAFUAUAA1AEYAWQBjAG8AdwBWAEoAcwBjAGEATgBYAG4AZwAwADcAcABQAG0AdgBzAGQASQAyAEEAbQB1AHIAQwA1AE8AYgA3AGcAZgBVADEALwBRAGcAZgBrAE4AdABaADEAZAAwAHoAbgB1AFEAawBUAHQAOQB1AHMAbABZADMAcgBhAFAAUwBpAG4AaQA3AEMAKwBZAGcANgBpADIAMgBIAEwAQgBxAGkASgBIAFkANQBoADIARgBOAHIAUQB6AFkAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAawBFAGEAMQBCAHIAOAAxAFEAdgBuAHcAeABrADUATABoAEMAOQA4AHAAaQBsAFMATAA4AGkAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBOAGoAcAA5AHgAUgBrADkATABlAEIATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFIAcwBPADgAbABPAEoAWABBAE0ATABvAEEAdwBUAFcAWQBPAGEARABTACsAVQBsADgAZwBWAFQAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEEAcgBDAGEAQgBEAEMAMQBmAFcAcgAzADkAZQAwAHMANgBEAGYAbwBoAEYAUwBLAFAAcwAxAEEAaABVAEEAZwBVAC8AcgBLAG0AbABoAEkAegB4AHQAVwBzACsAZwBMAHAAVgA1AHAAYQA4ADIATABOAEEAQQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEAMgAtADAAMgAtADAANgBUADEAMgA6ADEANgA6ADEAOQA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows Defender]
"CachedProxyAccessType "="1"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC]
"Data"="ct%3D1465470278%26hashalg%3DSHA256%26bver%3D12%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522hxxp://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522hxxp://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522hxxp://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522hxxp://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehxxp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253ECTDtR75SC156cr76Dnzlij8JT8NfuTMGduqhfpRFX1vYCPqS5J1wiAOBe/lQaHGN7hlL2Ii5z3XiGdQOJeab77eiI1Pb4vfEcF12LIc4/ABfLSRuxNTqnagT4AefkQeGl2e4kEeGL8kljGpl2f21LBlcjjTWVXFiZNjFc9onZxwAu1zIBjq6UMTUjfRnLDxn/9sI2nOhyC15TwtzFZnVmXqw%252BVXsbRXIO4EGmSPlZBlf2CZOIJg3N1VNckQEh7AD%252BH0hqC7fLnK9VlYH%252BNV/PRMh6s3FiqQf4Dc/Vy3ntek/Il4HJV90dnCnmkN9QQzrf0I66yW3eeMbTg4xYMzrdbh1DKLxnAdvVdxb%252B3cS4FTolAweGq2%252BfF6wgI7pTzRKl5J6ZkL4FK3pMyGfUbpMYAcNSesOsDxHgwtmt%252Baf0u/8wCNNAJklCw6PsB70zg5mk51lDYgxiT9Ts4uc8i/nKaZBocrtR3p4Wv%252BLaxP7pnBz%252BNGTCjV3uv2bMUvaAX4uYc8AA0Fs8eM5mi4Ku/WgtRZ5RvUQjXONq/iD2yd69jY1BiKzggjvddaUE/XtLhgQ67xfzkr%252BVF8/7d%252BGD4BzO9TiplRaSzetpMl9S7oYrqHmICxXk%252B3loPUOcmBq/lDeTFE3BeGaz9Kytg9Nvu6/vLPX4bnaALwW2Dwc/6gZHZdlCT%252BbAbetVbZrA5w7yfyIngTXq7gOUHGjb4ihs8FyltTHMtAQG9rZ0kATMcBpgwvQ%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3DbL46FOhl9h67lwgyR8euQ26ZdNOpbrG%252B%26hash%3DK6VVzyPssZOMmBhodKaHPB%252BgJwoBOILj4PkWG8wAHZs%253D%26dd%3D1; path=/; domain=login.live.com; secure; httponly"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000AF7A0000000000000400000004000000"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Description}"="Einstellungen zum Datenschutz von Kontoinformationen"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/HighKeywords}"="Benutzerinformationen;user information"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Keywords}"=""
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/LowKeywords}"="Steuerelemente Steuerelement;steuern steuert;beschränken beschränkt beschränkend;einschränken eingeschränkt einschränkend;Name;Bild;Controls control;restrict restricts restricted restricting; name; picture"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Description}"="Einstellungen zum Datenschutz von Kontoinformationen"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/HighKeywords}"="Benutzerinformationen;user information"
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/Keywords}"=""
[HKEY_USERS\S-1-5-21-689365640-92009327-2566536619-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d112e3504d0c94\588addd4]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAccountInfo/LowKeywords}"="Steuerelemente Steuerelement;steuern steuert;beschränken beschränkt beschränkend;einschränken eingeschränkt einschränkend;Name;Bild;Controls control;restrict restricts restricted restricting; name; picture"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01Hq3z_HjVR3pOA5JbHvzX0Q]
"DeviceId"="<Data><User username="01HQ3Z_HJVR3POA5JBHVZX0Q"><Pwd Det="true">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABLUIqoSG1fiB0JojlZmWjrC0T+uA937a1WwsYSffxEegAAAAAOgAAAAAIAACAAAAB3c+YnAiQPrme01JBjuu0OzErU4/7REVDXZX0hcT2xkUAAAACm1rRYdve/eROFnCPIzHDgOur9VUSEU6WhAu88/QsbzkwS2GZtVE+wmOiFCwUN3tWjRSBApsQjhm5JvRgDqI9+QAAAAKHi/T8RTAZwxBrRAMiBLHSZvxIc6fWvnwCEGl03XFjekIlPGUfIcI9g/aWg+A+0eSOuH92Qr9OM69J8aDxGpfM=</Pwd><Certificate targetname="WindowsLive:(cert):name=01hq3z_hjvr3poa5jbhvzx0q;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATgA3AEQAQwBLAHoAWABpAFkAawBpAEIAQgBzADYAUQBUADgATgBIADMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEANQBJAHcAYwBXAHMANQBqAC8AeQAyAE0AZQAvAHUAQgBvADMAUwAvAHEARgBFADQAawBCAGkAMgBpADQAWgB3AHUAcgBXAC8AYQByAFIAcQB2AEIAQQBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABZAHMAbgBYAHgAVgBKAEYAYwBzAGgAdgBKADMASwBmAG4AdgA2AHcAVwBjAHoAaQA1AGwASgA5ADMAUQA4AHYAbgBMAEEAcgA0AGsAKwBmAGEAZABtAEEAQwBBAEEAQgBTAHUAZAA3ADgASgBqAEQAdABnAFgARQA4AHoASgBrAGgAaABVADMAbQBjAG0AeQAyAEIAKwBGAFIAVQBoAGgAOQBiADcAbwBWAFEAbgBCAFgAcwAvAFQAOABEADUAawBzAGEAdgBtAGMAdQA0AFEANgA1AFMAUQA5AGcAZQBEAEsASABPADcAZQBlAFYATwBJAEcAYQBiAEoAUQBpAGUAOAA0AFcAdgBiAFgAcgBwAGYAbgBpACsAVgB5AGwAUQBVAHcAbQBlADMAYQBzADUALwBLAFEAKwBLAGwAdgB2ADcAbAAxACsANwB3AGQATQBDAFUARgBZADEAMgA5AFEASgBqAGkAYwBmADkAbwB0AGcAKwBVAGUAUgBXADAAOQBxAEIAawBCAHkAdQBhADIAawB1AGIASAA5AHMANgBmADQAOABXAEsAdwBiAHQAMwBLAEoAUQBMAEcAVQBHAGwANABDAGkAZQArAGoAcgBLAHIAbQBmAG0AVwBHAHQAWABVAEMAWgBXAFkAKwBqACsALwBOAHUAbABZADIAYwBPAFgANwB0AGUATgAxADcAcgBpAFQANgBJAGUAOQAvADAAdABZAGEAOABGAFQAOQBZAFgARwBIAC8AQgBKAHgAaABaAGUAegBMADQALwAzAFoARwBwAGsAaQB6AHYAaABHADgANgBCADMAZwAyAFgATAB4AHMAMAA4AFQARABhAHQAOQBYAEkAUQBYAHUANgBYACsANwA2AFkAaQB4AEkAUAAxAFgAKwBLAE4AQwA2AEMAUAArAG4AZQBaAHQANgA5ADkARQBGAEIAYwAvAHoAWABNAFgAeQBSADQANwBUADUASwBiADIAOAB0AGEAawBIAFIANgBDAE8AZwBtAEoARwBKAGIALwBPADUAbgBHAEcARwBmAFgAegB2AHIAeQBZAFEAeQBNAFkAVwBaAG4ARABRAEYAZQBzAEEAcABOAEoASwBOAE0AcgBoAGIAMAB4AEcASQBJADUAMQBtAFcAWQBzAHcAQwBSAHcAMQAzAFUAOABLAGEAaQBaADMATgB6AHUAZgBsAGEAdABtAFcAVQBkAEEAWABnADkAaABMAGQAcwB3AEgAbABwAEoAagBNACsAZQB1AHkASQBoAEcASABOAFQAOQA2ADMAMwBYADYAMABsAFkAeAA5ADAARgBjADcARwBmAGwASwArAEEAegB2AE4ANgBIAHIAWgB2ADYAdQBPAEsAUQAwAHkAQQA4AEIATwBKADAAKwBVAHQAZwBvAHAASQBtAHQANgBxAEkANwB2ADcANgBLAEIAYQBUAFkAcABHAFIATAAzACsAOQB3AGoAMwBWAE0AdQBsAHAAeABYAHUAUQBPAEgAQQBJAHIAVQA4AFgAWQBmAEEAdABRADQAQQBCAEwANgBWAEMAQQBuAFoAMwA5AHoAZgBpAEMARABxAFYARwB0AHYALwBuAE4AZQBDAHQAaQBGADcAagBMAFQAYwBKAE4ARgBXAFAAZgBsAHIATQBCAHcAVwBpAHUAcQArADEASgBWAGsAbABzADkAcQBYAC8AQgBJAE0ASAB4ADAAQwBlACsAOABnAGIAVAA3AGcAdwAzAHoAUQBBAGkAbABoAE0AZwBUAE4AaQB0AGoAdQBBAHYANQBGAEMAOQBVAHEAeQBJADkAMwBSADcAaABqAGwAYwB1AFYAZwB3AHYAbgBVAGMAagBCAEIAMgBQADIAbwBkAE8AQwBkAE8AcABQAHAAaABuADYANAA5AHYASAA3AGYAaABXAGgAdwBWAFcAaQBZAGEAZABOADIAZQBTAHoAcwBpAGYAZgBqAFcAdgB6AEcAeABPAG8AMgB6AFoAMwAxAHYAMgBLAFYAYwAxADEAcQBSAHoAQwBSAC8AUQBsAGsAVABNAGkASwB3AFcAcQBhAGEARAB5ACsAQwBGAHIAWABtAEwAVABnAFcASgByAHkASgA5ADEAVABRAHEAYQBOAEYAeQBLADcAbQBHADgAZwBFAEgAeAByAG0ARgBMADcAcABoAFMATABwAHAAeQBRAGQAegBWADUAbgB3AC8AVQBWAEMAaABNADUATQAwAEoANwBqADEAYQB4AHUAQwBQAEsAVwBlAE0AWABHAC8AUQA0AFQAeQAwAEEAQQBBAEEAQwBDAGkAeAA2AG0AYgBIAEcAVABDAFoAbABYAEkAWQBIAFMANgBzAEMAVQBQADUARgBZAEUATABVAGcATgBmAGIASwBiAEkAagBNAFIAQgBqAEoAMQB0AFYAMQBjAGMALwA3ADYAZQBEAEcAbQB0AFgASwBXAGMARwBQAG8ASwBRAFUAWQA4AHYALwA2AFIAYQBaAHcAOABzAGcAbwB4AHoARAA5AFQAeQBsADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAWgAvADkARgBZAHgANwBjAEQAbwA4AFEATQBRAHYAOAA1ADAAaQBDAFMAcwBiAGwAMwAwADAAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAdwBOAHoASQAwAE0AVABNAHgATgBqAFEAMwBXAGgAYwBOAE0AVABZAHcATQBUAEkAdwBNAFQATQB4AE4AagBRADMAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAawBBAE4AQQBBAHcAQQBEAEkAQQBOAFEAQQA0AEEARQBNAEEAUgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEAQwArAFUAQgBMAFMATABMADcAdgBXAGkAYgBvAEwAZwBYAHcAQwBFAGQAUgAwAEkAZwB0AG0AYgAzADEAZQB3AE4AYQAzAFoANgA1AEMAYQBYAHgAegBtAGYAdQBFAFIARABiAEkAZQBOAGUAbQBwAFcANABZADMAcAAxAG4ARABHAC8AeQBvAFcAMgBaAHMAMgBwADEAMQBEAHoATQBUAFQASwBDAGoANQBXAHQAUQAwAHMAWgA0AC8ATQBlAEUAUwB1AHIARwByAGgARwA5AGgARQBzAHkAUQAwADYAVwB2AHMANgBhAGUAdwBEAGMAMwBhAGYAWgBZAGsAUgBIADkAdgBWAHYAcgB3AFYAdABqAG4AcwBMAGEAVwBNAG0AbwBVAEgARwB4AGsAdQAxAGEAWQBLAHkAVABsADQATAAwAG4ASQBEAEgARABKAFYAMQBNAE4AdwBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFEAagBjADQATgBWADcATABCAHYANwBaAC8AYwBCADkAcQBNAHoARwBVAEgAMwA4ADgAeQAzAGoAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEUAVwBCAGgAVgBUAEUAdAB4AFMANABNAHEAYQBwADcAegBuAHMAWABzAE4AWQBTADUASwBpAEEAaABVAEEAcwBoAFoAVgBpAG0AaABHAEgAUQA4AEwAdwB6AGIAaQB4AGsAdABYADgANQByAGUAQwBDAE0AeAA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAAMQAtADIAMABUADEAMwA6ADIAMQA6ADQANwA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-689365640-92009327-2566536619-500\02tjtxrqaveq]
"DeviceId"="<Data><User username="02TJTXRQAVEQ"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9eEnOTAF30uuT787+mHWrQQAAAACAAAAAAAQZgAAAAEAACAAAABnRXxkpHZOR0lbYOEi68MBFPPFM/AidJeAxxub0lLpJwAAAAAOgAAAAAIAACAAAACL1Tv/lRMZSGsOMX4La4CGTIT0bkoCHH4b8bwVw8LiNjAAAABQcBfGRGAFzFUtXNxEZos0ZDw2zIhahr4SAyAgncqyzMfXCRktZne/IrmDMkdwjjhAAAAAiZPKYI3HOz9Zlwkyb2y3rK/OKTEmaNzcyOiktbQ9zsvjAhjI/RGPWQxUGD+ZeWX+qehJvc/5pZAwEWXUJuBLlA==</Pwd><Certificate targetname="WindowsLive:(cert):name=02tjtxrqaveq;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAOQBlAEUAbgBPAFQAQQBGADMAMAB1AHUAVAA3ADgANwArAG0ASABXAHIAUQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAOQArADEAcwBxAEIAMQBSADUAWgB1AFcAQgBTAE8AZgBaAEIAawBnAE4AWgA3AHoASQBNAEQAbAByAEYAUAB2AGoATgBUAHAAKwA4AGEAcQBPADUAdwBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEAQgBUAEkAZAAwAE8AUgArAHcAVABCAFUAbABKAGoATgBHAFIAbABaADAATwBiADYAbgBOAGcAcQBYAFIATgBxAG4AOQBsAGsASwBRAGUAaQBHAGYATwBXAEEAQwBBAEEAQQBXAHQAMgBuADgAUABCAEsAVABBAHQATgBPAHIAUQBXAE0AcwBMAFIAbQBjADUAbAB2AHcASwB3AGQAQwBzAEoAZgBGAGMAcABHADIAawBzAFQARABYADgALwBFAGsARwBJAE8ALwBsAEMAcQBRAG0AVQA1AHoASABtAC8AbwBKADMAbQBPAEoAVQAyAHIANgBnAGYAeABRAFgAUwBQAHYAUgBzADcAMgBaAHoAKwAzAEIAZgBYAHUAMgBIADUARwAvADcAdwBkAGcARABEADYAOAB5AFkAeQArAHoANgBJADUAVgBUAEoAeQBsADcATgBuAC8ATgBIAE4AUABwADgAbwBsAFoARQBTAGQAVgAwADEAKwBVADgAWQB3AGkAeQBrAEQAZwB1AG0AaQBDAE4ANABXAHgATQBLAEMATgBFAEMAdwBBAG0AOAAyAG4ANAAvAE8AYwBXAEEAWgAwAFAAZQBrAFEAWABrAFkATABDAGsAOQBhAHQAQwBsAFIAbgB1AFQASABxAFMASwBGAE4AdABmAFcAUgBOADkATgA4AEUAVwBRAHgAdgBVAHYAcwB1ADgAYgBUAEYAZgA5AEMAMABzAEgARABTAGcAMwBmAEQAQgBFAHEAdQB4AGUAVgBBAEsAdQBRAFgARwBoAEoANQBIAEEAOQBuADQAeABzAHkAUAB2AGsAVABRAHAAdABBAHUAQgBiADQAQgBjAHgAQQBRAEUAawA2AGwASwBuAG0AbQA1AHAAeQBEAE0AQgBEADgAMQBoAFMAbAAwAFoAbQBQAHcALwBrAGgAWgBiAFYAWAAyAHIATgB1AEQATwBPAGEAVABUAGUAOQBBAEQAVwBXAEMAegB0ACsAOQBNAG4ARgBQAFgAdwBTAGgANwAyAEwAOAA2AGYAcgBQADYASgA4AG4AUgB3AE0ARgBGACsAZQBsAGQAMQBPADYANwA1AHcAMQBSAGgAUQBZAEUANQBEAEcAYwBxAEsAeQBUAHkAZgBPAHYAVwBSAGgAcgBOAC8AYQBFAEYAcABKADEAeQBKAEMAbgBDAHcAcwBVAGMAcABOAEsAdABEADUANQB3AFEARAA0AEYANQBkAHcAcwBZAHMAZAA4AHQAeQBwAGsAMwBNADgATgBTAEkAWQBTAHcAYQBwAHoAUgBLACsAQQBuAFoAQwAzAGsANwBHAGwAMwB6AG0AYgBoAFIANgA5AE0AdgBOADgAYgA0AFQAKwBHAGkAcwBuAFIAQQA3AHAATABXAFUATwBTAEYAdABrAEsAOQBWAEYAYgBrAE4AYgBRAGQAQwBiAFUAYQBBAGcAZwBZAG4AQgBGAHoALwBVADMAMQA0AHMAQwBCADcAYwBSADEASQBXAFcATQBjAFAARQBFAFoATQB2AEEAKwBsAFcAZQB5AHEAcgBrAHgAQgBaADEAbABJADUAdAA3AEUAMwBBAHEAVwAvADYAdwBnADQAKwBhAFoASQB3AEoAaABmAEMAVgBVADUASgBTAGUASgBDAFQAbAA1ADIARwB3AFUAMgBLADYAawBIADAAZwBwAEMASwBIAEcAMAAzAE4AbgA0AHMAYgB4AEwAQQBnAHMAcAAvAHQATAB2AGoAUQBEAFgAOQBxAEkARgA3ADgASwB2AG8AQgA2AGwASgA3AHgAMgBtAFEANQBTADAAbwB0AC8AYgBxAGEATQA4ADYAQwBHAGwALwBqAGwASQBsADIAcgB5AEwAdABsAGIAbABJAGgAUgB2AHoAcgBOADYAZgBWAC8AUAB1AFAARQBVAFoAQgBDAEwAcQA2AGkARQBOADIANABmAEkASgBXAGIATAA3AFUAYgAwAEIASgAxAFgASgBMADIAZwBQAG4AQQBmAHkAbQBKADgASABEAGEAaQArAHIARQAwAFAAZQBGADMASAB3AFQAbABRAFoAdQBBAE4AVQA4AHEAQQBQAC8AMABWAGUAYgBVAHIANwBiADUAYwBSAHYAaQBkAGQAdgBjAEsAWQBPAFIAcAA5AEgAYwB1AGIAcQBYAG8ATwA3AHoAbQAzAG4AQwBzADYAMgBxAGIATwBxAGgAOQBtAGIAdQAxAFAAUwBEAEwAUwBiADQAWABYAG4ARgBmAE4AQgBOAEkATgBPAFQAbwBJAEQAUwBrAEEAQQBBAEEARABqAFIATwBhAFMAYwBBAHQAeQBvAG8AKwBRAG4ASgBuAHMAUABKAE8AOQBaAEIAKwBPAGgAeAB3AHYAQwA0AGUATABBAEQAaQA3AHoAbQA5AEcAbQBEAFcAaABXAEsAeAArAGgAVAB0AHEAKwBxAGIAbABRAGYAKwBRAHQAYwBiAHgAZAA0AGwAcwA4AGIARABSAFcAOABnAE8AaQBPAEkAUwBGAE0ATwAwADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAZABCAEgAVABvAGgARQBhAEwAcABzAEUAYgAxAGMANwAwADQAdwB1AGwAYQBLAEIAUAA2AFEAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAEUAdwBPAEQARQB3AE0AVABJAHgATQBUAEUANQBXAGgAYwBOAE0AVABJAHcATQBqAEEAMgBNAFQASQB4AE0AVABFADUAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQAzAEEARQBZAEEAUgBnAEIARgBBAEQAawBBAE0AdwBBADEAQQBFAFkAQQBOAEEAQQB6AEEARQBVAEEAUgBRAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEARABBAGUAKwA0AEEAOQBPAFcASABmAG8AKwBkAE8ASQBBAFkAbABXADgAQgBTAEEAdQBpAGMATwB3AGsALwBrAEEANwBSADMATwB1AEQAdwBJAGwAWgBqAGIAdgBnAEkAVwBGAHAATAB1AFAAWgBwAEQALwA0AFgAbwBlAHcAQwA2AGsAKwB5AFQAWgBkAGIALwBNAFUAUAA1AEYAWQBjAG8AdwBWAEoAcwBjAGEATgBYAG4AZwAwADcAcABQAG0AdgBzAGQASQAyAEEAbQB1AHIAQwA1AE8AYgA3AGcAZgBVADEALwBRAGcAZgBrAE4AdABaADEAZAAwAHoAbgB1AFEAawBUAHQAOQB1AHMAbABZADMAcgBhAFAAUwBpAG4AaQA3AEMAKwBZAGcANgBpADIAMgBIAEwAQgBxAGkASgBIAFkANQBoADIARgBOAHIAUQB6AFkAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAawBFAGEAMQBCAHIAOAAxAFEAdgBuAHcAeABrADUATABoAEMAOQA4AHAAaQBsAFMATAA4AGkAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBOAGoAcAA5AHgAUgBrADkATABlAEIATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFIAcwBPADgAbABPAEoAWABBAE0ATABvAEEAdwBUAFcAWQBPAGEARABTACsAVQBsADgAZwBWAFQAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEEAcgBDAGEAQgBEAEMAMQBmAFcAcgAzADkAZQAwAHMANgBEAGYAbwBoAEYAUwBLAFAAcwAxAEEAaABVAEEAZwBVAC8AcgBLAG0AbABoAEkAegB4AHQAVwBzACsAZwBMAHAAVgA1AHAAYQA4ADIATABOAEEAQQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEAMgAtADAAMgAtADAANgBUADEAMgA6ADEANgA6ADEAOQA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>
"

====== Ende von Suche ======
Hallo Rafael,
habe jetzt folgende Fehlermeldung beim scannen erhalten.

"Updates funktionieren nicht. Ist ein Proxy eingerichtet?"
Was muss ich jetzt machen?

Guten morgen, kann es sein das meine letzte Nachricht eventuell untergegangen ist? Ich komme mit dem scannen nicht weiter, wegen der Fehlermeldung.

burningice 10.06.2016 18:09
Meistens klappt es nach 1-2 simplen Neustarts und/oder erneutem Herunterladen wieder problemlos :)

Caroblue 10.06.2016 21:30
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# end=init
# utc_time=2016-06-09 11:19:51
# local_time=2016-06-09 01:19:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 29744
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# end=init
# utc_time=2016-06-10 05:37:24
# local_time=2016-06-10 07:37:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29758
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# end=updated
# utc_time=2016-06-10 05:38:48
# local_time=2016-06-10 07:38:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=46a9f6008bb7674baa5ef0d96556e1d0
# engine=29758
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-10 07:53:30
# local_time=2016-06-10 09:53:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1304 16777213 100 100 216796 29810662 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 117977 19402553 0 0
# scanned=299201
# found=34
# cleaned=32
# scan_time=8082
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\iSafeNetFilter.sys-k.mbam"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\iSafeNetFilter.sys-u.mbam"
sh=523DED566E785E6CE03F9A0F1E9387CE22220A7C ft=1 fh=c71c0011c52e71be vn="Variante von Win32/Adware.CloudGuard.B Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll.vir"
sh=ADBC200F6EEABA9A36744339919BCA923ED9B16A ft=1 fh=c71c0011b7c271b9 vn="Variante von Win32/ELEX.HS evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\ProgramData\awinpa\WFini.exe.vir"
sh=CE55B1856A3C604B5315E194448FC2188FA2E569 ft=1 fh=c71c0011450b013c vn="Variante von Win32/ELEX.HX evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\ProgramData\awinpa\xtemp\mib.exe.vir"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysNative\drivers\iSafeNetFilter.sys.vir"
sh=C577BA4033EA592A41A5E50BEFCA2098DC9121CC ft=1 fh=9be0728652813877 vn="Variante von Win32/Packed.NSISmod.R verdächtige Datei (Gesäubert durch Löschen)" ac=C fn="C:\Program Files\3d4c000a04d89a4d691861923d3e00f8\185a19c9f926fa9d8c455bcb810deb50.exe"
sh=F678EA93DB0BD549C5D4C7824E398F2DE0CC31C9 ft=1 fh=4c8f3bdca1489cf7 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll"
sh=BFC712282D22A4DC02D4594EC5AF71C790347E36 ft=1 fh=91d61e330d1da7f8 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys"
sh=A99A057031BE5E697F08A6B32F08D279C673DB78 ft=1 fh=bf29d5f4060d2337 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll"
sh=A340BA98EC7BA228D8E66AC55C47F6A0F0FCCBD2 ft=1 fh=92c69192d39a3ccb vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll"
sh=EF7D28C86AEA03A9BB290B1AE376AFC038BFF65C ft=1 fh=6f4875cd36564c65 vn="Variante von Win32/ELEX.CS evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc.dll"
sh=20C5E9E139DBB09A63B1641739A50B7F82E97EAE ft=1 fh=d50fd859e0be4c10 vn="Variante von Win32/ELEX.CQ evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc2.dll"
sh=5AF0B98E324EB8D81F97EEE2D11E3F996B5C91F5 ft=1 fh=955761e6ce5527b5 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\ouilibx.dll"
sh=62182165AE6E611C1A59076BB40AA02C089EB760 ft=1 fh=485b3e1c719876ae vn="Variante von Win32/ELEX.DB evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\iSafeNetFilter.sys-k.mbam"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\iSafeNetFilter.sys-u.mbam"
sh=56C1908CBC0DE68EA4896A99C30DCA6F894C7D65 ft=1 fh=a1273a17b88e6a2a vn="Variante von Win32/ELEX.IC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\eUpgrade\eupgrade.exe"
sh=629619A3A54198ECBB99038D9423A88D1592E6F1 ft=1 fh=9c54cde5fe3020f0 vn="Variante von Win32/ELEX.IC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\winziper.exe"
sh=5F9FC152547007EB88CD4BBDDF3786EE92FDD87A ft=1 fh=d686fe28f8e3c80e vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\winzipersvc.exe"
sh=B56591832EBB1FCB8417BA6E0619A60670C6B088 ft=1 fh=9289bff57409798f vn="Variante von Win32/ELEX.IH evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\wzdl.exe"
sh=D7A39A84A81E1C5EAB6B9CE019C7D1173B156FBE ft=1 fh=e41d7fa28bf500b2 vn="Variante von Win32/ELEX.IC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\wzUninstall.exe"
sh=5F9E91B38E3622F69CA776F34255735794918574 ft=1 fh=917e71d6619d64f4 vn="Variante von Win32/ELEX.HW evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\AppData\Local\Temp\istD5F2.tmp\tools\wzp\OmigaZip_patch\wzUpg.exe"
sh=2A479117E8D4FA069EF5271CB37EDDF6C314F7E3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com\chrome\content\toolbar.js"
sh=CD58E8AF0F578E66C616C8DCDC4A26B498A2208C ft=1 fh=905c6d65df2844f3 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\Downloads\COMPUTER_BILD_Download_Manager_fuer_euchler-haushaltsbuch.exe"
sh=CB7DD53F5495D977BB89F7DF77924FC314397E8C ft=1 fh=af24f1c2402b553b vn="Variante von MSIL/383Media.A evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\lucted\Downloads\Driverwhiz.exe"
sh=63EC29027CDDBC3361B2D658CAEDF21A13200705 ft=1 fh=f33f0f78ed1e7101 vn="Variante von Win32/InstallCore.AHS evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\Downloads\JavaSetup(1).exe"
sh=96EF2D43E2C3CC7524FBAF84C4E7903093600D5A ft=1 fh=5f7e2854144fe522 vn="Variante von Win32/InstallCore.AFF.gen evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\Downloads\JavaSetup.exe"
sh=ACE547CB4890417D4BEAA870433A673BBFBD66A8 ft=1 fh=0a700108666a1180 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\lucted\Downloads\SoftonicDownloader_fuer_chatflow.exe"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Windows\System32\drivers\iSafeNetFilter.sys"
sh=B702A593F93147F4F1CAEBF3554E367BE8788A26 ft=1 fh=77fb28f89c4b04ed vn="Variante von Win32/Kryptik.CD Trojaner (Gesäubert durch Löschen)" ac=C fn="C:\Windows\Temp\WAXCD73.tmp"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart))" ac=C fn="${Memory}"

Caroblue 12.06.2016 08:22
Hallo, ist mein PC jetzt gesäubert? Kann ich jetzt wieder Kaspersky Installieren? Brauche dringend meinen PC um Online dinge zu erledigen.
lg Caroblue

burningice 12.06.2016 11:55
Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-08] ()
Task: {BEB05DFD-8F3D-4045-B1A5-BF088E87EF92} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {DF49E67D-237B-4E9C-BE76-38CBDCA26153} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\jIxmRfR
FirewallRules: [{89C3D9B3-C937-47C6-B68D-4B98A106A023}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{A4F0DB59-7443-437E-9FA6-5308DE692F5C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe
FirewallRules: [{68096047-A42E-4D7A-A3D4-F57FF681E452}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Keyword.URL: undefined://undefined/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-24] (Elex do Brasil Participações Ltda)
S2 jIxmRfR_protect; "C:\ProgramData\jIxmRfR\protect\protect.exe" [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
2016-06-08 09:32 - 2016-06-08 09:32 - 00000000 ____D C:\Users\lucted\AppData\Roaming\Elex-tech
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
2016-05-22 17:32 - 2016-05-22 17:32 - 00000000 ____D C:\Program Files\3d4c000a04d89a4d691861923d3e00f8
2016-05-22 17:31 - 2016-05-22 17:31 - 00079944 _____ C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys
2016-05-24 13:47 - 2016-03-26 10:41 - 00000000 ____D C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79
2016-05-22 17:31 - 2016-03-24 07:07 - 00649728 _____ C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe
cmd: dir "C:\Program Files (x86)"
cmd: dir "C:\Program Files"

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt: 2
Verwende das Kaspersky Removal Tool, weil du immer noch eine unvollständige Installation auf dem PC hast
Download: http://media.kaspersky.com/utilities...s/kavremvr.exe

Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Caroblue 12.06.2016 22:01
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von lucted (2016-06-12 22:27:30) Run:1
Gestartet von C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
Task: {0AE78D91-A7DE-4F65-A9CD-E369C3479F09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {319EB23E-559C-4E9E-9F0B-AAFDA9B7421D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {75230950-0B37-4462-B7BA-CA2735954A56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7A6B14B7-677B-4BD6-917D-DC58503BCBFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {887344DF-D754-4FF4-8651-860705AE50A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8CFCAFD0-C275-46BC-A536-D43A3EE24B92} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {97EAAE54-1A62-46E4-B3AA-F891A2C3005A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-06-08] ()
Task: {BEB05DFD-8F3D-4045-B1A5-BF088E87EF92} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {DF49E67D-237B-4E9C-BE76-38CBDCA26153} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: {E729A9E5-95D1-4339-8989-78C278042C83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== ACHTUNG
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\jIxmRfR
FirewallRules: [{89C3D9B3-C937-47C6-B68D-4B98A106A023}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe
FirewallRules: [{A4F0DB59-7443-437E-9FA6-5308DE692F5C}] => (Allow) C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe
FirewallRules: [{68096047-A42E-4D7A-A3D4-F57FF681E452}] => (Allow) C:\ProgramData\jIxmRfR\protect\protect.exe
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Keyword.URL: undefined://undefined/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-24] (Elex do Brasil Participações Ltda)
S2 jIxmRfR_protect; "C:\ProgramData\jIxmRfR\protect\protect.exe" [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
2016-06-08 09:32 - 2016-06-08 09:32 - 00000000 ____D C:\Users\lucted\AppData\Roaming\Elex-tech
2016-06-01 08:40 - 2016-06-01 08:40 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
2016-05-22 17:32 - 2016-05-22 17:32 - 00000000 ____D C:\Program Files\3d4c000a04d89a4d691861923d3e00f8
2016-05-22 17:31 - 2016-05-22 17:31 - 00079944 _____ C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys
2016-05-24 13:47 - 2016-03-26 10:41 - 00000000 ____D C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79
2016-05-22 17:31 - 2016-03-24 07:07 - 00649728 _____ C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe
cmd: dir "C:\Program Files (x86)"
cmd: dir "C:\Program Files"

emptytemp:
*****************

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000022), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe => konnte nicht entfernt werdenSchlüssel.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AE78D91-A7DE-4F65-A9CD-E369C3479F09}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE78D91-A7DE-4F65-A9CD-E369C3479F09}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{319EB23E-559C-4E9E-9F0B-AAFDA9B7421D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{319EB23E-559C-4E9E-9F0B-AAFDA9B7421D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AFB5D0A-7DF4-46BE-A82E-5241D88C8C60}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75230950-0B37-4462-B7BA-CA2735954A56}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75230950-0B37-4462-B7BA-CA2735954A56}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A6B14B7-677B-4BD6-917D-DC58503BCBFF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A6B14B7-677B-4BD6-917D-DC58503BCBFF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B04EE90-A8D1-4A8A-A32B-B09B2F6C57D1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6C1EA1-F6F2-41F3-BD59-51B43EA13E44}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateUA => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jIxmRfRBrowserUpdateUA" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{887344DF-D754-4FF4-8651-860705AE50A3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{887344DF-D754-4FF4-8651-860705AE50A3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CFCAFD0-C275-46BC-A536-D43A3EE24B92}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CFCAFD0-C275-46BC-A536-D43A3EE24B92}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97EAAE54-1A62-46E4-B3AA-F891A2C3005A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97EAAE54-1A62-46E4-B3AA-F891A2C3005A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6D99E2F-9D9F-4969-9B47-65031077E91C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6D99E2F-9D9F-4969-9B47-65031077E91C}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\irMonitor => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\irMonitor" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEB05DFD-8F3D-4045-B1A5-BF088E87EF92}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEB05DFD-8F3D-4045-B1A5-BF088E87EF92}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jIxmRfRCheckTask => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jIxmRfRCheckTask" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF49E67D-237B-4E9C-BE76-38CBDCA26153}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF49E67D-237B-4E9C-BE76-38CBDCA26153}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jIxmRfRBrowserUpdateCore => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jIxmRfRBrowserUpdateCore" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E729A9E5-95D1-4339-8989-78C278042C83}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E729A9E5-95D1-4339-8989-78C278042C83}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFDF00CD-C356-471E-BF42-9F6DAA5DFD8E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
C:\WINDOWS\Tasks\jIxmRfRBrowserUpdateCore.job => erfolgreich verschoben
C:\WINDOWS\Tasks\jIxmRfRCheckTask.job => erfolgreich verschoben

"C:\Program Files (x86)\Elex-tech" Ordner verschieben:

Konnte nicht verschoben werden "C:\Program Files (x86)\Elex-tech" => ist geplant bei Neustart verschoben zu werden.

"C:\Program Files (x86)\jIxmRfR" => nicht gefunden.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89C3D9B3-C937-47C6-B68D-4B98A106A023} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4F0DB59-7443-437E-9FA6-5308DE692F5C} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68096047-A42E-4D7A-A3D4-F57FF681E452} => Wert erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Fehler beim Setzen des Wertes
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel konnte nicht entfernt werden.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Fehler beim Setzen des Wertes
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel konnte nicht entfernt werden.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel nicht gefunden.
HKU\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel konnte nicht entfernt werden.
HKCR\CLSID\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel nicht gefunden.
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert nicht gefunden.
HKU\S-1-5-21-689365640-92009327-2566536619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel nicht gefunden.
HKCR\CLSID\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Schlüssel erfolgreich entfernt
Firefox DefaultSearchEngine erfolgreich entfernt
Firefox SelectedSearchEngine erfolgreich entfernt
Firefox "Keyword.URL" erfolgreich entfernt
Chrome DefaultSearchURL => erfolgreich entfernt
Chrome DefaultSearchKeyword => erfolgreich entfernt
iSafeService => Dienst konnte nicht gestoppt werden.
iSafeService => Dienst konnte nicht entfernt werden
jIxmRfR_protect => Dienst erfolgreich entfernt
iSafeKrnl => Dienst konnte nicht gestoppt werden.
iSafeKrnl => Dienst konnte nicht entfernt werden
iSafeKrnlKit => Dienst konnte nicht entfernt werden
iSafeKrnlMon => Dienst konnte nicht gestoppt werden.
iSafeKrnlMon => Dienst erfolgreich entfernt
iSafeKrnlR3 => Dienst konnte nicht gestoppt werden.
iSafeKrnlR3 => Dienst konnte nicht entfernt werden
iSafeNetFilter => Dienst konnte nicht entfernt werden

"C:\Users\lucted\AppData\Roaming\Elex-tech" Ordner verschieben:

Konnte nicht verschoben werden "C:\Users\lucted\AppData\Roaming\Elex-tech" => ist geplant bei Neustart verschoben zu werden.

C:\Program Files (x86)\TXQQBrowser => erfolgreich verschoben
C:\Program Files\3d4c000a04d89a4d691861923d3e00f8 => erfolgreich verschoben
C:\WINDOWS\system32\Drivers\9bbd853a1cc743e00bcc1b20a5622ae6.sys => erfolgreich verschoben
C:\Program Files\43479b7a0f48684bb2a08ceca5cd1e79 => erfolgreich verschoben
C:\WINDOWS\185a19c9f926fa9d8c455bcb810deb50.exe => erfolgreich verschoben

=========  dir "C:\Program Files (x86)" =========

 Datentr�ger in Laufwerk C: ist Boot
 Volumeseriennummer: 9604-B995

 Verzeichnis von C:\Program Files (x86)

12.06.2016  22:28    <DIR>          .
12.06.2016  22:28    <DIR>          ..
29.03.2016  09:37    <DIR>          Adobe
18.08.2011  16:47    <DIR>          AMI
10.08.2011  21:33    <DIR>          Cisco
08.06.2016  09:16    <DIR>          Common Files
18.12.2011  00:09    <DIR>          Corel
17.08.2011  14:35    <DIR>          CyberLink
26.12.2011  14:33    <DIR>          Deutsche Telekom
18.08.2011  16:24    <DIR>          Dolby Advanced Audio v2
21.04.2016  13:25    <DIR>          Elex-tech
18.12.2011  00:08    <DIR>          Google
30.03.2016  18:21    <DIR>          Hewlett-Packard
30.03.2016  18:21    <DIR>          HP
06.01.2016  13:43    <DIR>          Intel
11.10.2015  14:13    <DIR>          Intel Corporation
15.05.2016  14:14    <DIR>          Internet Explorer
12.12.2014  12:49    <DIR>          Java
07.06.2016  10:44    <DIR>          Kaspersky Lab
17.08.2011  14:14    <DIR>          Launch Manager
10.08.2011  23:02    <DIR>          Medion MediaPack 2
24.12.2014  15:59    <DIR>          Microsoft Office
18.01.2016  14:41    <DIR>          Microsoft Silverlight
24.12.2014  15:31    <DIR>          Microsoft SkyDrive
10.08.2011  18:48    <DIR>          Microsoft SQL Server Compact Edition
06.01.2016  13:43    <DIR>          Microsoft.NET
21.03.2016  11:57    <DIR>          Mozilla Firefox
21.03.2016  11:57    <DIR>          Mozilla Maintenance Service
06.01.2016  13:10    <DIR>          MSBuild
10.08.2011  17:29    <DIR>          MSXML 4.0
06.01.2016  13:43    <DIR>          NVIDIA Corporation
19.08.2011  01:09    <DIR>          Realtek
06.01.2016  13:10    <DIR>          Reference Assemblies
01.01.2013  11:29    <DIR>          Samsung
27.07.2013  21:45    <DIR>          Sony
27.07.2013  21:49    <DIR>          Sony Ericsson
31.01.2015  23:17    <DIR>          Sony Media Go Install
26.12.2011  14:32    <DIR>          T-Online
10.08.2011  21:46    <DIR>          Texas Instruments Inc
04.09.2015  14:34    <DIR>          TomTom International B.V
04.01.2012  15:33    <DIR>          usenet
18.12.2011  00:08    <DIR>          watchmi
30.10.2015  20:35    <DIR>          Windows Defender
10.08.2011  18:50    <DIR>          Windows Live
06.01.2016  13:43    <DIR>          Windows Mail
30.10.2015  20:35    <DIR>          Windows Media Player
18.03.2016  21:41    <DIR>          Windows Multimedia Platform
30.10.2015  09:24    <DIR>          Windows NT
30.10.2015  20:35    <DIR>          Windows Photo Viewer
18.03.2016  21:41    <DIR>          Windows Portable Devices
              0 Datei(en),              0 Bytes
              50 Verzeichnis(se), 614.259.970.048 Bytes frei

========= Ende von CMD: =========


=========  dir "C:\Program Files" =========

 Datentr�ger in Laufwerk C: ist Boot
 Volumeseriennummer: 9604-B995

 Verzeichnis von C:\Program Files

12.06.2016  22:28    <DIR>          .
12.06.2016  22:28    <DIR>          ..
06.01.2016  13:43    <DIR>          Common Files
11.10.2015  14:13    <DIR>          DVD Maker
06.01.2016  13:35    <DIR>          FSP
18.12.2011  00:08    <DIR>          Google
11.10.2015  14:13    <DIR>          Intel
15.05.2016  14:14    <DIR>          Internet Explorer
06.01.2016  13:43    <DIR>          Microsoft Games
18.12.2011  00:11    <DIR>          Microsoft Mathematics
27.05.2016  09:48    <DIR>          Microsoft Office 15
18.01.2016  14:41    <DIR>          Microsoft Silverlight
06.01.2016  13:10    <DIR>          MSBuild
06.01.2016  13:36    <DIR>          NVIDIA Corporation
18.12.2011  00:11    <DIR>          PlayReady
06.01.2016  13:35    <DIR>          Realtek
06.01.2016  13:10    <DIR>          Reference Assemblies
11.10.2015  14:13    <DIR>          Synaptics
30.10.2015  20:35    <DIR>          Windows Defender
15.05.2016  14:14    <DIR>          Windows Journal
10.08.2011  18:42    <DIR>          Windows Live
06.01.2016  13:43    <DIR>          Windows Mail
18.03.2016  21:41    <DIR>          Windows Media Player
18.03.2016  21:41    <DIR>          Windows Multimedia Platform
06.01.2016  14:10    <DIR>          Windows NT
30.10.2015  20:35    <DIR>          Windows Photo Viewer
18.03.2016  21:41    <DIR>          Windows Portable Devices
              0 Datei(en),              0 Bytes
              27 Verzeichnis(se), 614.259.957.760 Bytes frei

========= Ende von CMD: =========

EmptyTemp: => 1.3 GB temporäre Dateien entfernt.

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2016-06-12 22:35:45)

C:\Program Files (x86)\Elex-tech => ist erfolgreich verschoben
C:\Users\lucted\AppData\Roaming\Elex-tech => ist erfolgreich verschoben

==== Ende von Fixlog 22:35:46 ====
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
durchgeführt von lucted (Administrator) auf LUCTED-PC (12-06-2016 22:50:54)
Gestartet von C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.web.de/
FF Keyword.URL: undefined://undefined/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: xRocket Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-05-09] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: GsearchFinder - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: Gooding Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\gooding-toolbar@gooding.de.xpi [2016-04-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-12 22:41 - 2016-06-12 22:41 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\kavremvr.exe
2016-06-08 08:39 - 2016-06-08 09:16 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 13:07 - 2016-06-12 22:50 - 00000000 ____D C:\FRST
2016-06-07 12:27 - 2016-06-12 22:25 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-12 22:47 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 22:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-12 22:45 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-12 22:45 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-12 22:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-12 22:44 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-12 22:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 22:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:43 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-12 22:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 22:28 - 2016-03-21 17:07 - 00000000 ____D C:\Users\lucted\AppData\LocalLow\Temp
2016-06-12 22:23 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-10 19:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 08:44 - 2015-10-11 14:37 - 00000000 ____D C:\Users\lucted\AppData\Local\Packages

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ===========================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von lucted (2016-06-12 22:52:26)
Gestartet von C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/12/2016 10:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x1608
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/12/2016 10:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x102c
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/12/2016 10:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x33c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/12/2016 10:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x838
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/12/2016 10:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x984
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/12/2016 10:44:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xa8c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/12/2016 10:44:43 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2700) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/12/2016 10:36:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x10d0
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/12/2016 10:36:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x1008
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/12/2016 10:36:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1278
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5


Systemfehler:
=============
Error: (06/12/2016 10:47:11 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Media ServiceNicht verfügbar{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht.

Error: (06/12/2016 10:47:11 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth OBEX ServiceNicht verfügbar{E9E0D51D-F407-4D91-B294-C111F721A3AF}

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/12/2016 10:47:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (06/12/2016 10:47:09 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/12/2016 10:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/12/2016 10:47:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/12/2016 10:46:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


CodeIntegrity:
===================================
  Date: 2016-06-12 22:22:49.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-12 22:20:31.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:59:05.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:57:43.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:39:25.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-09 15:25:16.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2191.94 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6334.02 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:581.46 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================
Guten Abend Rafael,
ich habe alles durchgeführt, auch Kaspersky entfernt.
Wünsche Dir einen schönen Abend.
Lg Caroblue

burningice 12.06.2016 22:20
Es wird, es wird aber passt immer noch nicht ganz.

Schritt: 1
Mache einen erneuten Clean-Run mit AdwCleaner:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt: 2
Du hast eine veraltete Version von FRST benutzt (zu erkennen an "C:\Users\lucted\Trojaner-Board#\FRST-OlderVersion". Bitte verwende die aktuellste Version. Wenn du gemäß Anleitung arbeiten würdest, wäre sie jetzt auf dem Desktop. Ansonsten lade sie dir neu herunter.

Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Caroblue 13.06.2016 07:25
Code:
# AdwCleaner v5.119 - Bericht erstellt am 13/06/2016 um 08:07:43
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-06-12.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : lucted - LUCTED-PC
# Gestartet von : C:\Users\lucted\Trojaner-Board#\AdwCleaner_5.119.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst gelöscht : iSafeKrnl
[-] Dienst gelöscht : iSafeKrnlKit
[-] Dienst gelöscht : iSafeKrnlR3
[-] Dienst gelöscht : iSafeService

***** [ Ordner ] *****

[-] Ordner gelöscht : C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKLM\SOFTWARE\Elex-tech
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

***** [ Internetbrowser ] *****

[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("browser.search.searchengine.searchengine.uid", "[xpconnect wrapped nsIUUIDGenerator]");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "45.0");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782aa589");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016060809");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1465797545417");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"de\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supp[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "undefined");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", false);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\lucted\\\\AppData\\\[...]
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "yourGSearchfinder@GSearch.com");
[-] [C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [53987 Bytes] - [08/06/2016 09:16:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [6463 Bytes] - [13/06/2016 08:07:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [53061 Bytes] - [08/06/2016 09:13:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [6675 Bytes] - [13/06/2016 08:06:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6683 Bytes] ##########
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
durchgeführt von lucted (Administrator) auf LUCTED-PC (13-06-2016 08:19:21)
Gestartet von C:\Users\lucted\Downloads
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.web.de/
FF Keyword.URL: undefined://undefined/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: xRocket Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-05-09] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: GsearchFinder - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: Gooding Toolbar - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\gooding-toolbar@gooding.de.xpi [2016-04-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1462807746&from=87640509&uid=hitachixhts547575a9e384_j2540054ca75yeca75yex&z=addf052d28676756fb7e802g0z2q4oabfe0m8m3c7b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-13 08:19 - 2016-06-13 08:19 - 00022360 _____ C:\Users\lucted\Downloads\FRST.txt
2016-06-13 08:18 - 2016-06-13 08:19 - 00000000 ____D C:\FRST
2016-06-13 08:17 - 2016-06-13 08:18 - 02385408 _____ (Farbar) C:\Users\lucted\Downloads\FRST64.exe
2016-06-13 08:17 - 2016-06-13 08:17 - 00001026 _____ C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
2016-06-13 08:04 - 2016-06-13 08:04 - 00001612 _____ C:\Users\lucted\Desktop\AdwCleaner_5.119.exe - Verknüpfung.lnk
2016-06-12 22:41 - 2016-06-12 22:41 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\kavremvr.exe
2016-06-08 08:39 - 2016-06-13 08:07 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 12:27 - 2016-06-13 08:15 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-13 08:10 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 08:09 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 08:09 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-13 08:08 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-13 08:00 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-12 22:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-12 22:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-12 22:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 22:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:43 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-12 22:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 22:28 - 2016-03-21 17:07 - 00000000 ____D C:\Users\lucted\AppData\LocalLow\Temp
2016-06-10 19:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\lucted\AppData\Local\Temp\libeay32.dll
C:\Users\lucted\AppData\Local\Temp\msvcr120.dll
C:\Users\lucted\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von lucted (2016-06-13 08:20:26)
Gestartet von C:\Users\lucted\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/13/2016 08:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1c58
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:17:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1db0
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1b0c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d78
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d30
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:10:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x11dc
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/13/2016 08:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x38c
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/13/2016 08:10:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1668
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:09:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x908
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:09:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x9c8
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5


Systemfehler:
=============
Error: (06/13/2016 08:17:49 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:17:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/13/2016 08:17:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/13/2016 08:17:22 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:17:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/13/2016 08:17:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/13/2016 08:15:16 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:15:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/13/2016 08:15:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/13/2016 08:15:10 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}


CodeIntegrity:
===================================
  Date: 2016-06-12 22:22:49.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-12 22:20:31.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:59:05.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:57:43.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:39:25.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-09 15:25:16.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2194.34 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6326.55 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:581.33 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================
Guten Morgen Rafael,
ich bin kein Fachmann ( Fachfrau) auf den Gebiet PC, daher weiss ich auch nicht wie ich eine alte Version von FRST auf den PC bekommen habe. Bitte um Entschuldigung, wenn ich Euch damit mehr Arbeit gemacht habe.
Lg Caro

burningice 13.06.2016 22:25
Bitte um Mithilfe
Hi Caro, dein PC ist mit einer sehr robusten Art von Schadsoftware infiziert und wie du vielleicht schon gemerkt hast, verläuft unsere Bereinigung darum etwas zäh.

Darum bitte ich dich um Mithilfe, um die Tools, die wir hier verwenden, zu verbessern. Dazu tue bitte folgendes:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
zip:C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1;C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\profiles.ini

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



https://pbs.twimg.com/profile_images...ild_normal.png Benutzung des TrojanerBoard Upload Kanals:
  • Link zum Upload-Channel.
  • Deaktiviere dein Anti-Viren-Programm.
  • Auf deinem Desktop befindet sich eine Datei mit dem Namen:
    Code:
    Upload.zip
  • Klicke auf der Seite des Upload-Channels auf http://deeprybka.trojaner-board.de/b...upload%203.PNG und wähle die oben genannte Datei aus.
  • Fülle bitte das Formular weiter aus und lade mir die Datei hoch.

Danke für deine Hilfe!

Bitte teile mir mit, ob der Upload geklappt hat!

Schritt: 1
Bitte folge dieser Anleitung, um deinen Firefox zu bereinigen - lösche den "alte-Daten" Ordner auf deinem Desktop bitte noch nicht.
https://support.mozilla.org/de/kb/firefox-bereinigen

Schritt: 2
Bitte folge dieser Anleitung, um deinen Chrome zu bereinigen
https://support.google.com/chrome/answer/3296214?hl=de

Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Caroblue 14.06.2016 09:04
Schönen guten Morgen, ist ja eine ganze Menge, werde mein bestes geben.☺ Aber wie ist es möglich, trotz Kaspersky sich so ein teil einzufangen?

Beim durchlauf von FRST kommt die Fehlermeldung " ZIP-komprimierte Ordner-Fehler" Datei nicht gefunden oder keine Leseberechtigung.

Lauf wurde aber trotzdem beendet, nach dem ich ok gedrückt habe.

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von lucted (2016-06-14 08:10:04) Run:1
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
zip:C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1;C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\profiles.ini
*****************

================== Zip: ===================
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> erfolgreich kopiert zu C:\Users\lucted\Desktop\Upload.zip
"C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\profiles.ini" -> nicht gefunden
=========== Zip: Ende ===========

==== Ende von Fixlog 08:12:51 ====
Habe jetzt folgendes Problem:
Auf der Upload Seite will er ein Link zum Thema im Forum, habe dort mein Thema eingegeben, aber es kommt immer die Meldung, ich soll den link zum thread überprüfen.
Hilfeeeeee was nun?

da ich dir nur ein Feedback geben sollte, oder der Upload funktioniert hat, habe ich die anderen 3 Schritte schon mal weiter gemacht.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
durchgeführt von lucted (Administrator) auf LUCTED-PC (14-06-2016 08:48:29)
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [nicht gefunden]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\9c59swmb.default-1465886105769\Extensions\toolbar@web.de [2016-06-14] [ist nicht signiert]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com => nicht gefunden

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 08:35 - 2016-06-14 08:35 - 00000000 ____D C:\Users\lucted\Desktop\Alte Firefox-Daten
2016-06-14 08:10 - 2016-06-14 08:10 - 09022355 _____ C:\Users\lucted\Desktop\Upload.zip
2016-06-14 08:08 - 2016-06-14 08:08 - 00000000 ____D C:\Users\lucted\Downloads\FRST-OlderVersion
2016-06-13 08:20 - 2016-06-13 08:21 - 00052836 _____ C:\Users\lucted\Downloads\Addition.txt
2016-06-13 08:19 - 2016-06-13 08:21 - 00030736 _____ C:\Users\lucted\Downloads\FRST.txt
2016-06-13 08:18 - 2016-06-14 08:48 - 00000000 ____D C:\FRST
2016-06-13 08:17 - 2016-06-14 08:09 - 00001407 _____ C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
2016-06-13 08:04 - 2016-06-13 08:04 - 00001612 _____ C:\Users\lucted\Desktop\AdwCleaner_5.119.exe - Verknüpfung.lnk
2016-06-12 22:41 - 2016-06-12 22:41 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\kavremvr.exe
2016-06-08 08:39 - 2016-06-13 08:07 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 12:27 - 2016-06-14 08:48 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 08:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-14 08:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 08:04 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-14 08:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-13 08:10 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 08:09 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 08:09 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-13 08:08 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-12 22:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-12 22:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 22:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:43 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-12 22:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 22:28 - 2016-03-21 17:07 - 00000000 ____D C:\Users\lucted\AppData\LocalLow\Temp
2016-06-10 19:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 17:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 14:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 14:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-15 14:13 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 11:54 - 2013-07-14 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 11:31 - 2011-08-10 17:28 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\lucted\AppData\Local\Temp\libeay32.dll
C:\Users\lucted\AppData\Local\Temp\msvcr120.dll
C:\Users\lucted\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von lucted (2016-06-14 08:49:22)
Gestartet von C:\Users\lucted\Trojaner-Board#
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/14/2016 08:09:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1f90
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/14/2016 08:07:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1c58
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:17:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1db0
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1b0c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:15:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d78
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1d30
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:10:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x11dc
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/13/2016 08:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x38c
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/13/2016 08:10:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1668
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5


Systemfehler:
=============
Error: (06/14/2016 08:09:48 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/14/2016 08:09:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Error: (06/14/2016 08:09:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/14/2016 08:07:58 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/14/2016 08:07:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Error: (06/14/2016 08:07:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/14/2016 07:59:41 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (06/14/2016 07:59:39 AM) (Source: i8042prt) (EventID: 41) (User: )
Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen.

Error: (06/13/2016 08:17:49 AM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/13/2016 08:17:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.



CodeIntegrity:
===================================
  Date: 2016-06-12 22:22:49.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-12 22:20:31.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:59:05.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:57:43.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:39:25.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-09 15:25:16.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 2090.95 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6134.64 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:581.72 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================
Upload hat jetzt doch funktioniert, war erfolgreich

burningice 14.06.2016 21:56
Super danke dafür!

Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Caroblue 15.06.2016 07:24
Schönen guten Morgen,
hier kommt das Ergebnis, wünsche noch einen schönen Tag.

Code:
HitmanPro 3.7.14.265
www.hitmanpro.com

  Computer name . . . . : LUCTED-PC
  Windows . . . . . . . : 10.0.0.10586.X64/4
  User name . . . . . . : LUCTED-PC\lucted
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2016-06-15 07:54:53
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 8m 23s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 52

  Objects scanned . . . : 1.993.276
  Files scanned . . . . : 41.429
  Remnants scanned  . . : 422.571 files / 1.529.276 keys

Suspicious files ____________________________________________________________

  C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCache\IE\NVYPUT3I\FRST64[1].exe
      Size . . . . . . . : 2.385.920 bytes
      Age  . . . . . . . : 1.0 days (2016-06-14 08:08:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2C7000FE2E1515B814DD4F212102FA4F93529D770EE0BAF529B90EEF6D0E8C99
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
      Forensic Cluster
        -1.0s C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCookies\CS2SLTZC.txt
        -1.0s C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCache\IE\50O556XB\82[1].htm
          0.0s C:\Users\lucted\AppData\Local\Microsoft\Windows\INetCache\IE\NVYPUT3I\FRST64[1].exe
          0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\
          0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\5F377FB81D0AC7DA.dat
          3.5s C:\Users\lucted\Downloads\FRST-OlderVersion\
          3.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\9F2AFEF7326C2C20.dat
          4.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\62\5AFE7EFB51798B5A.dat

  C:\Users\lucted\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.385.408 bytes
      Age  . . . . . . . : 2.0 days (2016-06-13 08:17:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8A9CEF7FD8019023414AB3462A909AAD1CDCD7CB038730D835910020732B004E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\lucted\Trojaner-Board#\FRST64.exe
          0.0s C:\Users\lucted\Downloads\FRST-OlderVersion\FRST64.exe
        23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\
        23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\Report.wer
        27.0s C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
        49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\
        49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\Report.wer

  C:\Users\lucted\Trojaner-Board#\FRST64.exe
      Size . . . . . . . : 2.385.920 bytes
      Age  . . . . . . . : 2.0 days (2016-06-13 08:17:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2C7000FE2E1515B814DD4F212102FA4F93529D770EE0BAF529B90EEF6D0E8C99
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
      References
        C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
      Forensic Cluster
          0.0s C:\Users\lucted\Trojaner-Board#\FRST64.exe
          0.0s C:\Users\lucted\Downloads\FRST-OlderVersion\FRST64.exe
        23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\
        23.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_055bf114\Report.wer
        27.0s C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
        49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\
        49.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_devmonsrv.exe_c49af33a3664445b19437d8291226d3b0fe4efc_692de7c9_0d4454fe\Report.wer


Potential Unwanted Programs _________________________________________________

  C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\ask-web-search.xml (AskBar)
  HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}\ (Iminent)
  HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}\ (Iminent)
  HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\One System Care\ (OneSystemCare)
  HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\System Healer\ (SystemHealer)
  HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\WajIEnhance\ (Wajam)

burningice 15.06.2016 09:35
Na das schaut ja schon fast wieder aus wie ein computer bei dir :D

Danach sollte es wohl passen:
Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\ask-web-search.xml
[-HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]
[-HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]
[-HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]
[-HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]
[-HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]
[-HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}]
[-HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}]
[-HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}]
[-HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}]
[-HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}]
[-HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}]
[-HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}]
[-HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}]
[-HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}]
[-HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}]
[-HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}]
[-HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}]
[-HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}]
[-HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]
[-HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}]
[-HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}]
[-HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}]
[-HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}]
[-HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}]
[-HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}]
[-HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}]
[-HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}]
[-HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}]
[-HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}]
[-HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}]
[-HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}]
[-HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}]
[-HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}]
[-HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}]
[-HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}]
[-HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]
[-HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}]
[-HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}]
[-HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}]
[-HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}]
[-HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}]
[-HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}]
[-HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}]
[-HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\One System Care]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\System Healer]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\WajIEnhance]
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com => nicht gefunden

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt: 2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Hast du noch irgendwelche Probleme mit deinem Rechner?

Caroblue 15.06.2016 16:33
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-06-2016
durchgeführt von lucted (2016-06-15 17:11:16) Run:2
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted & DefaultAppPool (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\ask-web-search.xml
[-HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]
[-HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]
[-HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]
[-HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]
[-HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]
[-HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}]
[-HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}]
[-HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}]
[-HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}]
[-HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}]
[-HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}]
[-HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}]
[-HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}]
[-HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}]
[-HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}]
[-HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}]
[-HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}]
[-HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}]
[-HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]
[-HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}]
[-HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}]
[-HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}]
[-HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}]
[-HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}]
[-HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}]
[-HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}]
[-HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}]
[-HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}]
[-HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}]
[-HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}]
[-HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}]
[-HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}]
[-HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}]
[-HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}]
[-HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}]
[-HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]
[-HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}]
[-HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}]
[-HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}]
[-HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}]
[-HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}]
[-HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}]
[-HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}]
[-HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\One System Care]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\System Healer]
[-HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\WajIEnhance]
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}: [DhcpNameServer] 82.163.142.7
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> {4BB7C960-1C70-484C-B979-2CCADBE00A6F} URL =
FF user.js: detected! => C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js [2016-06-08]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com => nicht gefunden

emptytemp:
*****************

C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\ask-web-search.xml => erfolgreich verschoben
HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\One System Care => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\System Healer => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-689365640-92009327-2566536619-1000\SOFTWARE\WajIEnhance => Schlüssel erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5327d1c1-1dac-4479-9385-c34c11de559b}\\DhcpNameServer => Wert erfolgreich entfernt

=========  ipconfig /release =========


Windows-IP-Konfiguration

Es kann kein Vorgang auf Ethernet ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 1 ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter Ethernet:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 1:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter WiFi:

  Verbindungsspezifisches DNS-Suffix:
  IPv6-Adresse. . . . . . . . . . . : 2003:46:a00:e3ed:8d0:c9a1:368f:6968
  Tempor�re IPv6-Adresse. . . . . . : 2003:46:a00:e3ed:7dbf:2192:d82d:23c3
  Verbindungslokale IPv6-Adresse  . : fe80::8d0:c9a1:368f:6968%2
  Standardgateway . . . . . . . . . : fe80::1%2

========= Ende von CMD: =========


=========  ipconfig /renew =========


Windows-IP-Konfiguration

Es kann kein Vorgang auf Ethernet ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 1 ausgef�hrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter Ethernet:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 1:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter WiFi:

  Verbindungsspezifisches DNS-Suffix: SpeedportEntry209012601050045
  IPv6-Adresse. . . . . . . . . . . : 2003:46:a00:e3ed:8d0:c9a1:368f:6968
  Tempor�re IPv6-Adresse. . . . . . : 2003:46:a00:e3ed:7dbf:2192:d82d:23c3
  Verbindungslokale IPv6-Adresse  . : fe80::8d0:c9a1:368f:6968%2
  IPv4-Adresse  . . . . . . . . . . : 192.168.2.105
  Subnetzmaske  . . . . . . . . . . : 255.255.255.0
  Standardgateway . . . . . . . . . : fe80::1%2
                                      192.168.2.1

========= Ende von CMD: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-689365640-92009327-2566536619-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BB7C960-1C70-484C-B979-2CCADBE00A6F}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{4BB7C960-1C70-484C-B979-2CCADBE00A6F} => Schlüssel nicht gefunden.
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\user.js => erfolgreich verschoben
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\arthurj8283@gmail.com => Wert erfolgreich entfernt
EmptyTemp: => 58.5 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 17:11:30 ====
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-06-2016
durchgeführt von lucted (Administrator) auf LUCTED-PC (15-06-2016 17:23:49)
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\System32\FspService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Geek Software GmbH) C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Users\lucted\Mama Strom\Sonja\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-18] (Google Inc.)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\lucted\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2010-12-02]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{03825670-e143-4a1c-9d66-6b83c604caab}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-689365640-92009327-2566536619-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\wy4qbny0.Caro
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-689365640-92009327-2566536619-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lucted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\englische-ergebnisse.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\gmx-suche.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\lastminute.xml [2013-03-22]
FF SearchPlugin: C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\searchplugins\webde-suche.xml [2013-03-22]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\8hxidemf.default\Extensions\browser-mailcheck@web.de [2016-03-26]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\9c59swmb.default-1465886105769\Extensions\toolbar@web.de [2016-06-14] [ist nicht signiert]
FF Extension: WEB.DE MailCheck - C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\wy4qbny0.Caro\Extensions\toolbar@web.de [2016-06-15] [ist nicht signiert]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-03-19] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Keine Datei
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-15 07:54 - 2016-06-15 08:21 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-15 07:53 - 2016-06-15 07:53 - 00001087 _____ C:\Users\lucted\Desktop\HitmanPro_x64.exe - Verknüpfung.lnk
2016-06-15 07:52 - 2016-06-15 07:54 - 11438608 _____ (SurfRight B.V.) C:\Users\lucted\Downloads\HitmanPro_x64.exe
2016-06-14 08:35 - 2016-06-14 08:35 - 00000000 ____D C:\Users\lucted\Desktop\Alte Firefox-Daten
2016-06-14 08:10 - 2016-06-14 08:10 - 09022355 _____ C:\Users\lucted\Desktop\Upload.zip
2016-06-14 08:08 - 2016-06-14 08:08 - 00000000 ____D C:\Users\lucted\Downloads\FRST-OlderVersion
2016-06-13 08:20 - 2016-06-13 08:21 - 00052836 _____ C:\Users\lucted\Downloads\Addition.txt
2016-06-13 08:19 - 2016-06-13 08:21 - 00030736 _____ C:\Users\lucted\Downloads\FRST.txt
2016-06-13 08:18 - 2016-06-15 17:23 - 00000000 ____D C:\FRST
2016-06-13 08:17 - 2016-06-14 08:09 - 00001407 _____ C:\Users\lucted\Desktop\FRST64.exe - Verknüpfung.lnk
2016-06-13 08:04 - 2016-06-13 08:04 - 00001612 _____ C:\Users\lucted\Desktop\AdwCleaner_5.119.exe - Verknüpfung.lnk
2016-06-12 22:41 - 2016-06-12 22:41 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\kavremvr.exe
2016-06-08 08:39 - 2016-06-13 08:07 - 00000000 ____D C:\AdwCleaner
2016-06-08 07:53 - 2016-06-08 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 07:52 - 2016-06-08 07:52 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:52 - 2016-06-08 07:52 - 00000000 ____D C:\Benutzer
2016-06-08 07:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-08 07:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00001653 _____ C:\Users\lucted\Desktop\mbam-setup-2.2.1.1043.exe - Verknüpfung.lnk
2016-06-07 14:48 - 2016-06-07 14:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-07 14:37 - 2016-06-07 15:03 - 00822490 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_14.37.08_log.txt
2016-06-07 12:27 - 2016-06-15 17:11 - 00000000 ____D C:\Users\lucted\Trojaner-Board#
2016-06-07 10:41 - 2016-06-07 10:42 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994(1).exe
2016-06-06 22:44 - 2016-06-06 23:00 - 00000000 ____D C:\KVRT_Data
2016-06-06 22:43 - 2016-06-06 22:43 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (3).exe
2016-06-06 22:40 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (2).exe
2016-06-06 22:39 - 2016-06-06 22:44 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT.exe
2016-06-06 22:39 - 2016-06-06 22:40 - 94947664 _____ (Kaspersky Lab ZAO) C:\Users\lucted\Downloads\KVRT (1).exe
2016-06-06 22:30 - 2016-06-06 22:33 - 162961416 _____ (Kaspersky Lab) C:\Users\lucted\Downloads\kts16.0.0.614abcdde_9994.exe
2016-06-06 22:17 - 2016-06-06 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-27 10:29 - 2016-05-27 10:29 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-05-22 19:17 - 2016-05-22 19:17 - 00004336 _____ C:\Users\lucted\Downloads\MitteilungForm(1).pdf
2016-05-22 19:12 - 2016-05-22 19:12 - 00004394 _____ C:\Users\lucted\Downloads\MitteilungForm.pdf
2016-05-20 17:10 - 2016-05-20 17:10 - 00036153 _____ C:\Users\lucted\Downloads\Kontoumsaetze_848_031412000_20160520_171027.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-15 17:18 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-15 17:14 - 2011-12-18 00:08 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 17:13 - 2016-01-06 13:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-15 17:12 - 2016-01-06 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-15 17:12 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-15 17:09 - 2015-12-28 14:36 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845ECAD7-6284-46CB-831F-F26619A16307}
2016-06-15 07:56 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-15 07:56 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-14 10:46 - 2012-12-05 19:45 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-14 10:41 - 2011-12-18 00:08 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 22:44 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-12 22:44 - 2012-01-19 23:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 22:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:43 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-12 22:28 - 2016-03-21 17:07 - 00000000 ____D C:\Users\lucted\AppData\LocalLow\Temp
2016-06-10 19:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-08 09:17 - 2016-04-21 13:26 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-08 09:17 - 2016-03-26 10:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-08 07:47 - 2011-12-18 00:08 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 07:47 - 2011-12-18 00:08 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:27 - 2016-01-06 13:40 - 00000000 ____D C:\Users\lucted
2016-06-06 22:17 - 2014-05-17 20:56 - 597610651 _____ C:\WINDOWS\MEMORY.DMP
2016-05-27 12:34 - 2016-04-21 13:26 - 00002179 _____ C:\Users\lucted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 09:49 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:48 - 2014-12-24 15:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-24 18:41 - 2015-12-30 14:28 - 00000000 ____D C:\Users\lucted\Documents\Carola DAK
2016-05-20 18:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-19 07:26 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-18 21:30 - 2012-03-18 21:30 - 0017408 _____ () C:\Users\lucted\AppData\Local\WebpageIcons.db
2015-12-28 14:29 - 2016-03-30 18:12 - 0002385 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 20:32

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-06-2016
durchgeführt von lucted (2016-06-15 17:24:56)
Gestartet von C:\Users\lucted\Trojaner-Board#
Windows 10 Home Version 1511 (X64) (2016-01-06 12:10:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-689365640-92009327-2566536619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-689365640-92009327-2566536619-503 - Limited - Disabled)
Gast (S-1-5-21-689365640-92009327-2566536619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-689365640-92009327-2566536619-1005 - Limited - Enabled)
lucted (S-1-5-21-689365640-92009327-2566536619-1001 - Administrator - Enabled) => C:\Users\lucted
UpdatusUser (S-1-5-21-689365640-92009327-2566536619-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{69A90894-D54A-4657-8172-6B0FCE93414E}) (Version: 1.2 - American Megatrends Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-689365640-92009327-2566536619-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-689365640-92009327-2566536619-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lucted\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BCB11B-17F1-4955-9C00-69977B36C809} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {117783BD-65A6-4DC1-9E57-4D81CD732B70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {197BFA21-9421-417A-A970-70146ABD8F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2175C1B2-482A-4A54-BB55-0CDD42FCACD7} - System32\Tasks\{F1346FE0-48B9-405C-B428-32C2807A08ED} => Chrome.exe
Task: {282EB8E8-1E85-4C65-8674-346BAA7E4F34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B86DFC6-EB5D-4BD8-8398-CA427629B14B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {44B93389-5249-4E2B-A9B5-3D65E2BFAC17} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {471E3170-56D4-4523-86A6-1464157ACD0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5057AEF1-568D-4FBC-AC9E-4A78E653BFA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {62A99E50-A0D9-4911-8AF5-1C78217849C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62F1DEF1-2EE7-46AC-9183-887B0B9A4311} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {63C3E556-7059-4370-9A2A-470323E2C382} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {670DEE14-CBDC-42E9-91D0-0552EE63E821} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6A11C2BB-548A-4972-B321-955CC4F3952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {6D585D27-5627-4974-BE14-99479A641455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6E491ED6-FE8B-4B32-BF70-135C535CF8BE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {79523EC8-DECC-43B3-AA31-7B484566FFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7B995869-C825-446D-8392-BEB8EAD525B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8C3D5683-CCAD-40F5-9375-5E6E1C5DDD73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-15] (Microsoft Corporation)
Task: {962D96D8-D3AC-4B8E-98AE-A1E01A0E23A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {980027FC-1320-46C9-8285-64016C8A1EDC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B6E932B-A2D6-47F1-AA14-73C659390FEB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ABB5E909-9D2C-47F4-9D50-CDE3BB3B99C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {C921D49D-10A4-4118-A3F9-3CF0397FB61A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0DC9FC0-A8BF-49B3-89FD-EE03766974EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEE673F8-F516-4176-963D-56B3DE107736} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF2F5D2A-F185-46FA-9084-4DC72EA2D69D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {EA754882-3285-4AAC-834C-D4D4E2B6A4B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E02F74-F9B2-404B-9F09-BF7D0D44E431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FA04D949-46B9-4BC1-A25D-12C4EBBDFDCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FA059BAD-6409-4CF3-AEF4-B1A8C3BFBD8C} - System32\Tasks\{400F534C-CAAB-4BDF-87FF-62FCA9FD66B8} => Chrome.exe
Task: {FDB06D6C-0F7A-4090-8C38-2EE877AAFA29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONhome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Medion\MEDIONplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medion.com/de/electronics/cat/MEDIONplay/gaming_browsergames_88 --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Blumen Service.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www1.aldi-blumenservice.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Reisen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nord.aldi-reisen.de/html_nord --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Nord Startseite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.aldi-essen.de --disable-quic
ShortcutWithArgument: C:\Users\lucted\Desktop\Aldi\ALDI Talk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.medionmobile.de --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 13:36 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-05-29 07:29 - 2015-05-29 07:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-25 20:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:49 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 16:43 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:25 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:26 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:26 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:27 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 21:45 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 13:52 - 2010-12-06 13:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2016-01-06 13:43 - 2016-01-06 13:43 - 00061952 _____ () C:\WINDOWS\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 08:47 - 2016-04-21 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-07-27 21:45 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-27 21:45 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00052256 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\OperationUI.dll
2016-01-04 14:02 - 2015-11-18 14:04 - 00074272 _____ () C:\Users\lucted\Mama Strom\Sonja\PDF24\zlib.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-689365640-92009327-2566536619-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-689365640-92009327-2566536619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C59151D1-7438-4CDC-876A-DB62AD37122E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E7067E1E-E8E1-4432-ABBA-8782D7AB663C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE6A52BE-2D30-4997-A0D7-A23E594417F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3FCF51C9-F2DB-47AB-8D72-AEC83275C08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32898F3D-8893-43B8-9BFA-0064D4085B27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{820AEF7B-8D24-46AE-AFA1-6A90FFBE946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{35320FA6-CBBB-4579-9515-59091B8A7C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5B9439B8-3BA7-4E0B-9983-8A089882248B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{58F29F08-83AF-4CCD-BDD0-929A86F366D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{986D1FD6-5279-4E3D-A63D-C85DC1FE7B1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{39E89A1C-E0E7-4F2A-A537-6CF75B0B6F47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3FA40793-3956-4AD1-B6D2-03FDCB040C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA692561-CD09-4CB8-B535-6D45719D3374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7DAA948-9C3F-4104-BC8D-619C8F1D29A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{78A5C2F7-533F-4548-9CE2-E72263131BD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{1DAFD66C-B77E-422B-90C1-14DC7ABE36C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{669D6B49-D269-423F-AC57-0BB6E1E48C80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9AA2C88-29A5-4104-B366-EFD59E2BD98B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F614D191-EA5E-449E-9505-C7A3EC2C44F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C9EC504-17B1-4C47-BB36-FCF5E3D2E86C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF6B72BA-D090-40DF-98EB-F86E0F449231}] => (Allow) LPort=2869
FirewallRules: [{E837ABE2-F877-4178-8B2E-2D30E71331C3}] => (Allow) LPort=1900
FirewallRules: [{78415ED0-ED22-46B5-8CF6-6330A38D9667}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98730647-519B-40EA-AE33-AA5CB53581C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C5686880-17D2-4944-9F78-78EFE22B0A7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F384575-BDEB-47D8-A16B-04950A53FF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AEBF5336-40F2-45D9-8748-06C8EAB61AF2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{51E9A207-6589-4FC7-9C95-4C2EB8644335}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AD026405-E962-4384-B5E3-5E989E8CB3AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{64B140A0-8BFF-409B-876B-DB99F0A4B6CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{083DB4A0-AF82-4EEF-9414-77E8D4A89D91}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA6BC9E5-E136-433B-A373-844BFD421588}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{73EEFB9D-525E-4777-AEA6-36E5F61E7344}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{05D77498-21A2-46B7-9385-1DBBD1C342B3}] => (Allow) C:\Users\lucted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{177BC7C4-05B2-49F0-B9BF-BA9190DCFCBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D74C715-7AA0-47A7-816E-16C37BC869E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C10B5C9-42EE-4B9B-A629-699482688139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37079CCD-0E6D-4D78-9DFA-613DC7B7BC57}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F544B605-B131-4B1B-9F16-B5B9E1FA50D1}] => (Allow) C:\Users\lucted\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBFEAA35-416F-41A8-A8FA-6A7117E66A1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 09:38:05 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/15/2016 05:14:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mediasrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5b7d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7f194cd3
ID des fehlerhaften Prozesses: 0x116c
Startzeit der fehlerhaften Anwendung: 0xmediasrv.exe0
Pfad der fehlerhaften Anwendung: mediasrv.exe1
Pfad des fehlerhaften Moduls: mediasrv.exe2
Berichtskennung: mediasrv.exe3
Vollständiger Name des fehlerhaften Pakets: mediasrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mediasrv.exe5

Error: (06/15/2016 05:14:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0x115c
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/15/2016 05:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x16a8
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/15/2016 05:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005225c
ID des fehlerhaften Prozesses: 0xb58
Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0
Pfad der fehlerhaften Anwendung: obexsrv.exe1
Pfad des fehlerhaften Moduls: obexsrv.exe2
Berichtskennung: obexsrv.exe3
Vollständiger Name des fehlerhaften Pakets: obexsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: obexsrv.exe5

Error: (06/15/2016 05:13:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/15/2016 08:21:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1a54
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/15/2016 07:53:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1a80
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/14/2016 08:09:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1f90
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/14/2016 08:07:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5

Error: (06/13/2016 08:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5bd3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043c86
ID des fehlerhaften Prozesses: 0x1c58
Startzeit der fehlerhaften Anwendung: 0xdevmonsrv.exe0
Pfad der fehlerhaften Anwendung: devmonsrv.exe1
Pfad des fehlerhaften Moduls: devmonsrv.exe2
Berichtskennung: devmonsrv.exe3
Vollständiger Name des fehlerhaften Pakets: devmonsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: devmonsrv.exe5


Systemfehler:
=============
Error: (06/15/2016 05:14:48 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Media ServiceNicht verfügbar{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (06/15/2016 05:14:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Error: (06/15/2016 05:14:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht.

Error: (06/15/2016 05:14:46 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth OBEX ServiceNicht verfügbar{E9E0D51D-F407-4D91-B294-C111F721A3AF}

Error: (06/15/2016 05:14:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Error: (06/15/2016 05:14:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth OBEX Service erreicht.

Error: (06/15/2016 05:14:45 PM) (Source: DCOM) (EventID: 10005) (User: LUCTED-PC)
Description: 1053Bluetooth Device MonitorNicht verfügbar{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/15/2016 05:14:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Device Monitor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Error: (06/15/2016 05:14:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Device Monitor erreicht.

Error: (06/15/2016 05:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.



CodeIntegrity:
===================================
  Date: 2016-06-12 22:22:49.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-12 22:20:31.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 22:20:05.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:59:05.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 21:57:43.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:39:25.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-10 19:38:10.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-09 15:25:16.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 50%
Installierter physikalischer RAM: 4001.87 MB
Verfügbarer physikalischer RAM: 1975.83 MB
Summe virtueller Speicher: 8097.87 MB
Verfügbarer virtueller Speicher: 6108.59 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:581.01 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.32 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================
Hallo Rafael,
die Frage am Ende, ob ich noch irgendwelche Probleme mit meinem PC habe,ist die an mich gerichtet oder eine allgemeine Werbung von Euch?

Denn ich habe tatsächlich noch Probleme mit meinem anderen PC, den dies ist hier mein Laptop wo wir gerade den Trojaner bekämpfen:kloppen:

Aber ich gehe mal davon aus, dass ich dafür dann wieder ein neuen Thread eröffnen muss.
Denn da wird es wohl auch kompliziert werden:headbang:

Lg Caro

burningice 15.06.2016 18:18
Die Frage ist durchaus an dich gerichtet haha - also dieser PC läuft dann wohl gut schließe ich daraus.

Eine kleine Feinheit hier noch und damit verbunden etwas aus Interesse:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
cmd: dir "C:\Users\lucted\Desktop\Alte Firefox-Daten" /s

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Welches Problem hat dein anderer PC denn?

Caroblue 16.06.2016 18:14
:lach: das willst du nicht wirklich wissen :Boogie: bei dem pc ist alles im argen. Mein Mann wollte den pc von Windows Vista auf Windows 8.1 aufrüsten und nun ist der bildschirm schwarz und nichts geht mehr:wtf:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-06-2016
durchgeführt von lucted (2016-06-15 22:58:26) Run:3
Gestartet von C:\Users\lucted\Trojaner-Board#
Geladene Profile: UpdatusUser & lucted (Verfügbare Profile: UpdatusUser & lucted & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
cmd: dir "C:\Users\lucted\Desktop\Alte Firefox-Daten" /s
*****************

"C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1" => nicht gefunden.
C:\Users\lucted\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F => erfolgreich verschoben

=========  dir "C:\Users\lucted\Desktop\Alte Firefox-Daten" /s =========

 Datentr�ger in Laufwerk C: ist Boot
 Volumeseriennummer: 9604-B995

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          41A66E7E5EE1
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
13.06.2016  08:03            3.910 addons.json
03.10.2013  08:32          524.288 addons.sqlite
14.06.2016  08:35    <DIR>          Allin1Convert_8h
13.06.2016  08:01          235.489 blocklist.xml
14.06.2016  08:35    <DIR>          bookmarkbackups
14.06.2016  08:35          704.512 cert8.db
30.09.2012  19:42              732 cert_override.txt
13.06.2016  07:59              208 compatibility.ini
14.06.2016  08:35          229.376 content-prefs.sqlite
14.06.2016  08:35          524.288 cookies.sqlite
17.01.2015  18:09        1.572.864 cookies.sqlite.bak
14.06.2016  08:35    <DIR>          crashes
14.06.2016  08:35    <DIR>          datareporting
14.06.2016  08:35    <DIR>          extensions
12.06.2016  22:47              489 extensions.ini
14.06.2016  08:11            8.321 extensions.json
16.11.2013  13:53          458.752 extensions.sqlite
14.06.2016  08:30        1.146.880 formhistory.sqlite
14.06.2016  08:35    <DIR>          gmp
14.06.2016  08:35    <DIR>          gmp-eme-adobe
14.06.2016  08:35    <DIR>          gmp-gmpopenh264
14.06.2016  08:35    <DIR>          healthreport
14.06.2016  08:05        1.146.880 healthreport.sqlite
07.12.2014  10:54              558 hotfix.v20140527.01.json
14.06.2016  08:35    <DIR>          jetpack
14.06.2016  08:35            16.384 key3.db
12.12.2014  13:25            10.563 localstore.rdf
07.06.2016  11:11            1.907 logins.json
02.04.2014  20:27                57 marionette.log
09.04.2016  20:17          256.923 memory-report.json.gz
02.05.2016  10:30            13.630 mimeTypes.rdf
14.06.2016  08:35    <DIR>          minidumps
14.06.2016  08:03                0 parent.lock
18.04.2016  10:30          131.072 permissions.sqlite
14.06.2016  08:35        10.485.760 places.sqlite
13.05.2016  08:46            4.644 pluginreg.dat
14.06.2016  08:35            40.869 prefs.js
14.06.2016  08:03            7.488 revocations.txt
14.06.2016  08:35    <DIR>          saved-telemetry-pings
26.03.2016  10:41              224 search-metadata.json
09.06.2016  13:03            42.763 search.json.mozlz4
16.06.2012  20:59            65.536 search.sqlite
14.06.2016  08:35    <DIR>          searchplugins
26.12.2011  15:20            16.384 secmod.db
19.03.2016  20:16              263 serviceworker.txt
14.06.2016  08:35              288 sessionCheckpoints.json
14.06.2016  08:35    <DIR>          sessionstore-backups
26.09.2014  00:43            18.318 sessionstore.bak-20140923175406
14.06.2016  08:35            8.921 sessionstore.js
07.09.2014  19:49          327.680 signons.sqlite
14.06.2016  08:35            8.555 SiteSecurityServiceState.txt
14.06.2016  08:35    <DIR>          storage
16.07.2013  22:00                1 Telemetry.FailedProfileLocks.txt
24.05.2013  21:25                25 times.json
14.06.2016  08:35          110.696 undefinedbs.log
15.05.2014  18:40              154 urlclassifierkey3.txt
08.06.2016  09:17              259 user.js
14.06.2016  08:35    <DIR>          weave
14.06.2016  08:35    <DIR>          webapps
14.06.2016  08:35          131.072 webappsstore.sqlite
14.06.2016  08:35            4.949 xulstore.json
14.06.2016  08:35    <DIR>          YourGSearchFinder_br
              44 Datei(en),    18.262.932 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\Allin1Convert_8h

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\bookmarkbackups

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
20.02.2015  11:32            25.965 bookmarks-2015-03-02_136_8JkjvcJUiEl0lp-bKHNHxw==.jsonlz4
05.03.2015  15:08            26.060 bookmarks-2015-03-06_137_prQIXqNg4x+alYYViEPP9w==.jsonlz4
07.03.2015  10:15            26.030 bookmarks-2015-04-30_137_VGAqmiz4fnXSCTqWUDbBJQ==.jsonlz4
14.05.2015  17:37            26.174 bookmarks-2015-05-26_138_rRMxCpcLUrVnOWtYdDSMcQ==.jsonlz4
29.05.2015  20:43            29.306 bookmarks-2015-06-21_139_W4Wp4KnXrI6rVgrvOe2GNg==.jsonlz4
25.06.2015  19:27            29.306 bookmarks-2015-10-31_139_SCp1e1GOmAuk4bqv7dFgAg==.jsonlz4
01.11.2015  18:00            30.314 bookmarks-2015-12-28_140_C5QHCZGGUrY+UoZma-j6nQ==.jsonlz4
02.01.2016  15:27            30.311 bookmarks-2016-01-03_140_4S3dyDQCMxe8IQbvtIqj2A==.jsonlz4
04.01.2016  16:32            30.483 bookmarks-2016-01-05_141_zZfIb2t+vvgf+hYdIaaRGA==.jsonlz4
06.01.2016  17:19            30.786 bookmarks-2016-02-08_142_4S-YUN2OHFNNJDWkWW870Q==.jsonlz4
11.02.2016  11:56            31.498 bookmarks-2016-03-22_144_pf28f7Ze5f3udWhHG005yw==.jsonlz4
23.03.2016  13:13            32.163 bookmarks-2016-04-12_146_XhNFjCSXUxCeg9S2hDXBLg==.jsonlz4
13.04.2016  13:46            32.432 bookmarks-2016-04-27_147_l13Ha7+y-dQb3p59pMsVGw==.jsonlz4
02.05.2016  11:48            32.371 bookmarks-2016-05-04_147_pi5wKoUOxUyn46rEdr5aMQ==.jsonlz4
09.05.2016  17:34            32.654 bookmarks-2016-06-13_148_RZFfCKRy6dZ1CZ6J+jwKmg==.jsonlz4
              15 Datei(en),        445.853 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\crashes

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          events
14.06.2016  08:04            5.232 store.json.mozlz4
              1 Datei(en),          5.232 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\crashes\events

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          archived
14.06.2016  08:04              137 session-state.json
13.12.2014  19:09                51 state.json
              2 Datei(en),            188 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting\archived

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          2016-01
14.06.2016  08:35    <DIR>          2016-02
14.06.2016  08:35    <DIR>          2016-03
14.06.2016  08:35    <DIR>          2016-04
14.06.2016  08:35    <DIR>          2016-05
14.06.2016  08:35    <DIR>          2016-06
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting\archived\2016-01

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
02.01.2016  13:06            5.858 1451732796472.e39a9860-7a8a-45b9-a68c-2c409d9d0a88.main.jsonlz4
02.01.2016  16:17            6.483 1451744276171.1ee76189-11b3-4680-8a24-390803a8de8d.main.jsonlz4
03.01.2016  20:01            6.399 1451844096525.5434726a-0754-4045-833c-74c84ede3977.main.jsonlz4
04.01.2016  14:44            6.405 1451911494028.daf77854-c0cc-468e-ac6a-1cfaa760937c.main.jsonlz4
04.01.2016  21:37            6.387 1451936235720.4a631849-c0e9-4fdf-b730-eae80755187b.main.jsonlz4
04.01.2016  21:41            5.934 1451936461535.d833c606-63d9-4d2d-a8e3-2f003741aecb.main.jsonlz4
05.01.2016  22:29            6.394 1452025756272.6f31542b-abeb-4ba9-b7e7-e32ea0aecb52.main.jsonlz4
06.01.2016  12:44            6.128 1452077050928.29d23c58-bebe-44c0-9bb9-3780d7447ab5.main.jsonlz4
06.01.2016  20:26            6.245 1452104785046.8afd496d-78af-42a8-9259-5b8e583f0d24.main.jsonlz4
07.01.2016  21:24            6.389 1452194661244.a4ae4686-b036-492e-b89b-a80ee9b33bc5.main.jsonlz4
10.01.2016  22:11            6.346 1452456711449.f72b5efe-3a1e-4c5f-a304-d6ee6054f4be.main.jsonlz4
11.01.2016  14:51            6.462 1452516688441.171a3cde-67b0-4fca-85c5-35e424f87abd.main.jsonlz4
11.01.2016  14:58            6.049 1452517131554.11a90d73-83cf-4740-a046-fad3ad188d14.main.jsonlz4
11.01.2016  17:51            6.048 1452527484294.3dc8ad49-0f45-405a-ae16-b865e1942808.main.jsonlz4
12.01.2016  11:38            5.944 1452591502987.a4f8c137-7ab7-486d-ab0f-9f81db0a0b04.main.jsonlz4
12.01.2016  12:31            6.468 1452594708099.e66e8700-eced-44d2-b2c2-563cd6ba5f55.main.jsonlz4
14.01.2016  00:25            6.397 1452723926108.4f8d3222-8691-436c-a11a-d49b7acfe6db.main.jsonlz4
14.01.2016  14:50            6.164 1452775817570.c6162e8e-acb4-43f4-8424-9bdea2dfbf32.main.jsonlz4
14.01.2016  16:11            6.271 1452780660745.b377466d-802c-4fc8-a535-46d4a9b376ec.main.jsonlz4
15.01.2016  16:49            6.265 1452869387312.d11ba2a4-29cb-4e4f-a4b9-27eb70c42926.main.jsonlz4
17.01.2016  21:16            6.431 1453058197493.85e22fa7-3e08-4507-928a-d2d470b2e2f6.main.jsonlz4
19.01.2016  10:40            6.402 1453192829707.6fb92818-7a17-4a8a-b09a-487ab3888c5f.main.jsonlz4
19.01.2016  12:52            6.331 1453200736565.39f5c5e0-aed4-4c4d-9b98-c9cac6e64ad8.main.jsonlz4
21.01.2016  22:41            6.463 1453408865228.a37d99e9-9a6d-448e-a1d4-92248ad6535a.main.jsonlz4
22.01.2016  14:38            6.222 1453466295423.e7df4306-c94a-42db-b079-3ff762776135.main.jsonlz4
22.01.2016  20:50            6.407 1453488619330.c757bc38-0423-4c9a-b767-4fe9c98f8bda.main.jsonlz4
24.01.2016  19:55            6.501 1453658147016.e6d30086-8a02-406e-a41d-9310cbf3f7fa.main.jsonlz4
25.01.2016  13:42            6.388 1453722124783.65d9d3e9-c50c-456d-825b-7b4b191a091a.main.jsonlz4
27.01.2016  21:59            6.496 1453924743944.e6830502-7437-4dd3-a8d7-431d1aca5302.main.jsonlz4
28.01.2016  14:16            5.911 1453983404791.c1de0161-3c2f-485f-a548-463405a94743.main.jsonlz4
28.01.2016  15:26            6.284 1453987601349.86b00ac2-bf15-4d2d-afb2-8af979e4f919.main.jsonlz4
30.01.2016  20:59            6.438 1454180389806.a6c2e94d-1a12-499e-b925-a564508d2060.main.jsonlz4
31.01.2016  19:19            6.270 1454260763492.845031bb-1a00-48fe-bb17-2a7d35a7a73d.main.jsonlz4
31.01.2016  19:40            6.224 1454262029198.94f97d6a-ec5f-4678-8a37-7b67e13b1f6e.main.jsonlz4
              34 Datei(en),        213.804 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting\archived\2016-02

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
02.02.2016  14:56            6.388 1454417766876.60a630d6-de4d-4c0e-9c5e-6730d9ffbc88.main.jsonlz4
02.02.2016  21:12            6.056 1454440365376.d9107582-d4d1-4b5b-9ebf-17f4f8de97d5.main.jsonlz4
05.02.2016  19:29            6.506 1454693360631.dbacf44d-3c49-45b6-86db-007568e01756.main.jsonlz4
08.02.2016  21:16            6.555 1454959006962.0b4ddb19-4a85-424a-8bf7-c20962da4074.main.jsonlz4
09.02.2016  14:42            6.458 1455021776884.0f4a7947-538d-42ef-80a6-57442f4446d1.main.jsonlz4
10.02.2016  19:42            6.380 1455126127582.ee2a86b8-6fdc-4472-8806-dc4bc14fac8a.main.jsonlz4
11.02.2016  12:56            6.283 1455188186367.54f24203-6364-4c27-8b21-723a13cec5cb.main.jsonlz4
13.02.2016  21:11            6.579 1455390676335.cb649c2f-f635-4a27-bd87-8474974317ae.main.jsonlz4
14.02.2016  18:19            6.323 1455466756051.74b118e3-5360-4233-a0d9-06fedf612753.main.jsonlz4
19.02.2016  16:31            6.401 1455892312241.3d6b32c3-7d94-4e11-825f-aa2363351807.main.jsonlz4
28.02.2016  12:03            6.474 1456653823484.b4fab7a9-8615-45ed-b404-eb6ad4166c1f.main.jsonlz4
              11 Datei(en),        70.403 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting\archived\2016-03

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
03.03.2016  11:52            6.313 1456998738140.1af99dad-85fd-474f-a202-3628e33b7f45.main.jsonlz4
09.03.2016  09:28            6.252 1457508493154.ff0b56d3-7256-4cd6-a511-11938270ae4e.main.jsonlz4
09.03.2016  17:39            6.080 1457537986743.6f3067ba-896e-4dca-bff1-397d080d253e.main.jsonlz4
09.03.2016  21:08            6.366 1457550481600.2420cde4-42b7-4dae-80e4-fbeb72699911.main.jsonlz4
16.03.2016  11:40            6.478 1458121233393.57a09a54-8a08-47bc-9184-e6f83307b6a1.main.jsonlz4
18.03.2016  21:39            6.704 1458329979461.fd45946d-5651-4398-a01c-a5165001be5c.main.jsonlz4
19.03.2016  21:12            6.737 1458414721246.f3aae700-2259-473e-9d6a-2436108c3b05.main.jsonlz4
21.03.2016  00:07            6.879 1458511671455.d9bd575c-b5c7-4ed9-96b8-fb506ea598b2.main.jsonlz4
21.03.2016  20:51            6.941 1458586281862.033a567c-22bf-4214-8c55-8d1f46b2c26e.main.jsonlz4
22.03.2016  21:10            6.792 1458673802837.4a95c5c5-da38-4a80-a711-9824e407e0b3.main.jsonlz4
23.03.2016  20:57            6.926 1458759432732.787a606d-6291-47fb-8e4a-248f90290028.main.jsonlz4
24.03.2016  18:16            6.818 1458836205271.c2c19022-5bef-4bed-a98d-250b3e2adac0.main.jsonlz4
25.03.2016  21:17            6.942 1458933422448.9da7eddc-94ad-4681-82e9-fe0ee59417ef.main.jsonlz4
26.03.2016  10:51            6.292 1458981393437.d74cfb82-248b-4ced-b1ca-5e3b735d8036.main.jsonlz4
26.03.2016  15:36            7.416 1458999384055.f9842b1a-e747-4baf-ba4d-a2ce9186f3f8.main.jsonlz4
30.03.2016  18:23            6.595 1459354249841.0236a756-abe3-4a76-b754-21d6d68c59b5.main.jsonlz4
30.03.2016  19:05            6.668 1459357052910.2d801648-e807-4e63-ad67-b5b7f27f5746.main.jsonlz4
30.03.2016  19:20            6.542 1459357804504.0b1db8e1-766a-42d7-a86b-cb7b3b08f374.main.jsonlz4
30.03.2016  22:12            7.052 1459368733424.555154ac-7e3f-42e5-93d1-31fdf6c10987.main.jsonlz4
31.03.2016  20:52            6.814 1459450330345.ec4b4299-27e9-4adb-b89e-b21b06679a81.main.jsonlz4
              20 Datei(en),        133.607 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting\archived\2016-04

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
01.04.2016  00:03            6.612 1459461821201.d9b2458a-893f-456b-b4ee-82cfde42acbe.main.jsonlz4
01.04.2016  15:45            6.498 1459464655583.3f6e9fbb-e055-49ef-be9f-18333b6273f2.main.jsonlz4
01.04.2016  21:28            7.118 1459538901979.85e28541-6535-4316-b062-1187de715836.main.jsonlz4
02.04.2016  00:49            6.695 1459550945067.cf09cd1d-fec6-40a3-9b06-6f4816b31db3.main.jsonlz4
05.04.2016  13:26            6.936 1459854973004.d7c6f390-d39e-4bfc-92c5-0af7656d4f90.main.jsonlz4
05.04.2016  13:50            6.675 1459857046277.263ea33e-5231-41bc-8f8e-f7ccd1c89fbc.main.jsonlz4
09.04.2016  14:30            6.941 1460205029050.2af24703-c4f4-4f89-858b-d0e624211e9e.main.jsonlz4
09.04.2016  20:18            7.324 1460225895984.928639ca-4517-413d-8918-2f750d057cef.main.jsonlz4
12.04.2016  20:04            7.115 1460484271363.33ec0f70-a89b-4863-8b5e-7d9c6701328b.main.jsonlz4
13.04.2016  20:15            7.138 1460571304684.6058f4fe-ea29-4e60-8b84-e022356b7c54.main.jsonlz4
15.04.2016  18:07            7.151 1460731101861.a735020b-c582-459b-9ec9-bd1d499b0af2.main.jsonlz4
15.04.2016  20:14            6.767 1460744055273.ee5d74c8-afc1-4fb1-8959-f82fa75bc676.main.jsonlz4
15.04.2016  22:55            6.692 1460753730020.d55fd4de-e303-4533-ad90-d80fdfc22e1d.main.jsonlz4
18.04.2016  11:02            7.017 1460970141817.de0dfbe0-b4b4-4669-a199-97cd8fe199b2.main.jsonlz4
21.04.2016  09:26            7.054 1461223576672.a3248386-b376-4ada-944f-6294d4c3a6e8.main.jsonlz4
21.04.2016  23:03            7.040 1461272615394.78488b33-3fee-4ee5-9578-da2a2f4c1302.main.jsonlz4
27.04.2016  19:11            7.244 1461777073808.74fe8619-638d-4040-8077-d15e6d8ff64a.main.jsonlz4
              17 Datei(en),        118.017 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting\archived\2016-05

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
02.05.2016  20:46            7.133 1462214799336.e37bbeb5-3f9c-40ad-be50-920020f56164.main.jsonlz4
04.05.2016  15:50            7.174 1462369835403.d8b8506b-5bda-4ffa-8365-99687d5ddfba.main.jsonlz4
04.05.2016  20:15            6.803 1462385732900.bc54c276-089c-41ba-8ec6-96f1337aadc9.main.jsonlz4
09.05.2016  20:29            7.178 1462818581042.e8bbd0fd-b0ed-41ef-af38-fe61b316c86e.main.jsonlz4
10.05.2016  13:58            6.966 1462881479305.f843fda4-c8c4-4e22-942d-b01f4c364fd7.main.jsonlz4
10.05.2016  14:30            6.952 1462883414586.0f7062f8-4205-4b49-bdfe-a7f2a8cfa6c5.main.jsonlz4
11.05.2016  09:55            6.658 1462953317679.4b40ca1f-8e2b-4b4b-8519-84849199eaff.main.jsonlz4
11.05.2016  10:02            6.683 1462953769442.d8214e86-7265-4d6f-8fb5-fcf19a077c02.main.jsonlz4
11.05.2016  20:42            7.192 1462992156437.32f37ff4-1473-441a-8615-fd8b38dcaca9.main.jsonlz4
13.05.2016  08:46            6.954 1463121996426.75bae898-bfb5-4f98-8958-1e718672999f.main.jsonlz4
13.05.2016  08:54            6.892 1463122496157.82650330-df5f-44c5-882f-ed62dad2ab60.main.jsonlz4
13.05.2016  09:43            6.998 1463125392216.b4a742a2-6edc-4951-a15e-42b769f90e91.main.jsonlz4
15.05.2016  12:10            7.059 1463307006407.fb8a9f78-47ef-47b3-b8c7-dfa0b600a0cc.main.jsonlz4
15.05.2016  13:56            7.112 1463313389153.f603bdcf-497b-4b88-8454-fd7163b3b13b.main.jsonlz4
15.05.2016  14:04            6.844 1463313883601.b62e0208-23c7-4837-8a93-d74ba87ae338.main.jsonlz4
15.05.2016  14:09            6.878 1463314143199.074b114b-0c3f-4bc5-b0d1-0e16db1eebbb.main.jsonlz4
19.05.2016  07:35            6.913 1463636137723.6811741f-2997-4fd6-9d77-65033b17de63.main.jsonlz4
19.05.2016  08:13            7.033 1463638394656.686694b8-38e3-4f9d-a490-a5872a239801.main.jsonlz4
20.05.2016  07:05            7.028 1463720755532.bf5d210d-f4c9-4b6d-aa3f-3dbc4b9beba8.main.jsonlz4
20.05.2016  07:16            7.024 1463721382040.d4be09da-56a2-4e54-b3e4-6804d12f650a.main.jsonlz4
20.05.2016  22:33            7.150 1463776398772.b61337e4-60e4-4edc-a399-463c9777bd34.main.jsonlz4
22.05.2016  18:53            7.149 1463936004930.e78d7f6d-eb50-4c2f-8a95-8082e7b83cae.main.jsonlz4
22.05.2016  19:01            6.892 1463936494361.01da614e-fc62-40e1-ad29-ef0df2553f2c.main.jsonlz4
22.05.2016  22:06            7.081 1463947563037.d0fc972b-56e1-4320-8aff-f69ef06c26dc.main.jsonlz4
24.05.2016  18:44            7.216 1464108253409.d0e2df07-85c3-4e40-ad10-badef20585c9.main.jsonlz4
24.05.2016  18:55            6.941 1464108941986.6f2c40de-fa4d-4638-a7fe-bd065697b8bf.main.jsonlz4
24.05.2016  20:11            7.033 1464113485363.2720fc90-d2b1-4117-ae9d-805924554c1c.main.jsonlz4
27.05.2016  09:32            4.600 1464334369466.734e5d31-a53f-4ca1-ae9f-1a4d99b3a135.crash.jsonlz4
27.05.2016  09:37            6.781 1464334661758.74908471-df48-46b0-b7ec-3636513b5c05.main.jsonlz4
27.05.2016  15:46            7.188 1464356764663.a02ed91a-6d5c-490d-8d49-4c00d6ee1e69.main.jsonlz4
              30 Datei(en),        207.505 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\datareporting\archived\2016-06

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
01.06.2016  07:17            7.055 1464758229604.5c15020e-7de5-4bbb-8cbe-0f0283fb17de.main.jsonlz4
01.06.2016  07:26            6.941 1464758785332.9493b7f1-f296-4f59-bbba-2a5c5dfd4d66.main.jsonlz4
01.06.2016  08:18            7.015 1464761899616.0f2b586b-721b-4b5d-b851-6533119d8381.main.jsonlz4
01.06.2016  08:44            7.006 1464763476022.8e6f8ecc-4afa-477e-9127-8cd82065c006.main.jsonlz4
06.06.2016  22:23            6.660 1465200899880.17607cb3-f151-474c-80f4-4582611edb01.main.jsonlz4
06.06.2016  22:28            7.032 1465244915403.d0f97d8c-8ed4-4320-95f0-60d9ad3e8b3f.main.jsonlz4
06.06.2016  23:20            7.022 1465247442824.cce1f839-27e1-48dd-8e61-bebf7a74606b.main.jsonlz4
06.06.2016  23:40            6.813 1465248648123.89d51059-da3f-4b9b-9f75-9735d3befd8f.main.jsonlz4
06.06.2016  23:40            4.592 1465249249766.a1144598-9aa9-4a49-9c7e-dc2df874df7f.crash.jsonlz4
07.06.2016  10:32            6.569 1465249850562.ac81026f-cc82-4263-bb52-7bd94e280bc8.main.jsonlz4
07.06.2016  10:32            4.455 1465288334564.8ea15719-f9b2-42e7-9cd1-8197156ee951.crash.jsonlz4
07.06.2016  10:41            6.822 1465288894266.6f6b86d2-732c-4846-8b67-129cd1c33fc5.main.jsonlz4
07.06.2016  10:59            6.781 1465289983964.8b81e297-c89e-493f-8456-f62882621e90.main.jsonlz4
07.06.2016  11:15            6.816 1465290920591.da667aa4-1f94-499c-bc25-2a301b0d093c.main.jsonlz4
07.06.2016  12:58            6.949 1465297082373.7d275e79-08d7-4a3c-966a-093d44bac14e.main.jsonlz4
07.06.2016  14:11            6.917 1465301493546.bb533b13-837d-40eb-abe6-693cb0934e2c.main.jsonlz4
07.06.2016  14:33            6.819 1465302831503.38b068b6-56a5-4855-9648-bf4c3fd8e0e2.main.jsonlz4
07.06.2016  15:54            6.880 1465307653624.8b3d9695-07a5-4baa-988a-055f0a954090.main.jsonlz4
07.06.2016  16:26            6.760 1465309572955.c87a9860-4b3a-400f-82ee-8b16e9f10f16.main.jsonlz4
08.06.2016  08:57            6.953 1465368592890.f71c4aa5-3bac-4b91-8bdb-626fe56e70ff.main.jsonlz4
08.06.2016  09:13            6.819 1465370009339.ffe4fe93-3f6c-46cb-bff7-0da92f52eebc.main.jsonlz4
08.06.2016  14:16            6.493 1465387682701.6bc80660-f038-48ae-af8b-325db341648b.main.jsonlz4
08.06.2016  20:09            6.574 1465409352407.5e3fb81b-fffd-4ad6-96dd-1688ccf06fde.main.jsonlz4
09.06.2016  21:06            6.881 1465499209407.fb45c284-2391-4db1-af76-47192e8eda09.main.jsonlz4
10.06.2016  22:36            6.674 1465590998512.8ed0dd02-71c5-4ade-88e8-bed024c907ed.main.jsonlz4
12.06.2016  22:19            6.495 1465762773607.f85a8960-59ed-45d2-9c19-a6c6d8aadb83.main.jsonlz4
12.06.2016  22:39            6.755 1465763174926.c55955b9-e561-4511-afc1-0f0f99854577.main.jsonlz4
12.06.2016  22:48            6.408 1465764274267.7e7f9122-c9f2-4f17-b275-eda61ea6d839.main.jsonlz4
12.06.2016  23:02            6.672 1465765326958.be0d9572-6262-49b2-a8c7-0bab45fbc9f5.main.jsonlz4
13.06.2016  08:05            6.510 1465797909491.9c2fd371-a4af-45f1-bfb6-ef93aa52b25d.main.jsonlz4
13.06.2016  08:53            6.448 1465800814928.8d0a0d76-29e9-4632-99c8-f63fed65fb0a.main.jsonlz4
14.06.2016  08:35            6.694 1465886105337.edbafa3c-e5a2-4c5e-96dc-f545f83759e0.main.jsonlz4
              32 Datei(en),        212.280 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
24.03.2016  05:33          331.500 @E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
14.06.2016  08:35    <DIR>          arthurj8283@gmail.com
14.06.2016  08:35    <DIR>          browser-mailcheck@web.de
09.04.2016  14:30          126.553 gooding-toolbar@gooding.de.xpi
              2 Datei(en),        458.053 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\arthurj8283@gmail.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          chrome
08.04.2015  15:14              267 chrome.manifest
08.04.2015  15:36              836 install.rdf
              2 Datei(en),          1.103 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\arthurj8283@gmail.com\chrome

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          content
14.06.2016  08:35    <DIR>          skin
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\arthurj8283@gmail.com\chrome\content

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
08.04.2015  15:21              725 toolbar.xul
              1 Datei(en),            725 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\arthurj8283@gmail.com\chrome\skin

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
25.12.2014  18:20            9.375 icon.png
              1 Datei(en),          9.375 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\browser-mailcheck@web.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
18.03.2016  11:52          610.482 chrome.jar
18.03.2016  11:52            4.357 chrome.manifest
14.06.2016  08:35    <DIR>          components
14.06.2016  08:35    <DIR>          defaults
18.03.2016  11:52            1.837 install.rdf
14.06.2016  08:35    <DIR>          META-INF
              3 Datei(en),        616.676 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\browser-mailcheck@web.de\components

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
18.03.2016  11:52            1.664 aboutNetError.js
18.03.2016  11:52            6.687 mCollectAutoComplete.js
              2 Datei(en),          8.351 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\browser-mailcheck@web.de\defaults

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          preferences
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\browser-mailcheck@web.de\defaults\preferences

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
18.03.2016  11:52                55 unitedinternet-debug.js
18.03.2016  11:52              423 unitedinternet-general.js
18.03.2016  11:52                62 unitedinternet-highlight.js
18.03.2016  11:52              387 unitedinternet-login.js
18.03.2016  11:52                58 unitedinternet-neterror.js
18.03.2016  11:52              293 unitedinternet-newtab.js
18.03.2016  11:52                60 unitedinternet-pref.js
18.03.2016  11:52              358 unitedinternet-search.js
18.03.2016  11:52              220 unitedinternet-shopping.js
18.03.2016  11:52              260 unitedinternet-tracking.js
18.03.2016  11:52              280 unitedinternet-util.js
              11 Datei(en),          2.456 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\extensions\browser-mailcheck@web.de\META-INF

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
18.03.2016  11:52            2.459 manifest.mf
18.03.2016  11:52            4.182 mozilla.rsa
18.03.2016  11:52              121 mozilla.sf
              3 Datei(en),          6.762 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          WINNT_x86-msvc
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp\WINNT_x86-msvc

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp-eme-adobe

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          15
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp-eme-adobe\15

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
15.10.2015  01:45        6.937.352 eme-adobe.dll
17.10.2015  01:27              309 eme-adobe.info
15.10.2015  01:45          222.034 eme-adobe.voucher
              3 Datei(en),      7.159.695 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp-gmpopenh264

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          1.1
14.06.2016  08:35    <DIR>          1.3
14.06.2016  08:35    <DIR>          1.5.3
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp-gmpopenh264\1.1

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
02.09.2014  22:40          555.520 gmpopenh264.dll
02.09.2014  22:40              118 gmpopenh264.info
              2 Datei(en),        555.638 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp-gmpopenh264\1.3

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
15.01.2015  17:56          617.984 gmpopenh264.dll
14.01.2015  23:55              118 gmpopenh264.info
              2 Datei(en),        618.102 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\gmp-gmpopenh264\1.5.3

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
18.12.2015  19:49          720.552 gmpopenh264.dll
18.12.2015  18:59              120 gmpopenh264.info
              2 Datei(en),        720.672 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\healthreport

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
19.12.2015  13:07              193 state.json
              1 Datei(en),            193 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\jetpack

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          @lottadealsun
14.06.2016  08:35    <DIR>          gooding-toolbar@gooding.de
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\jetpack\@lottadealsun

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          simple-storage
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\jetpack\@lottadealsun\simple-storage

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
08.06.2016  09:13        1.914.649 store.json
              1 Datei(en),      1.914.649 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\jetpack\gooding-toolbar@gooding.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          simple-storage
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\jetpack\gooding-toolbar@gooding.de\simple-storage

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35          243.589 store.json
              1 Datei(en),        243.589 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\minidumps

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
28.09.2015  16:04                0 00022d8e-36d6-4b9e-baab-ae482e546dec.dmp
13.10.2013  22:12                0 0006c25a-7164-42c4-b0c1-ac1467d0ca64.dmp
26.02.2014  19:54                0 0086dc75-13c7-48d9-85d3-b5cfd0e0dc7e.dmp
04.12.2012  21:43                0 01af8fcb-90e9-4aa1-b431-39814b2111fd.dmp
09.05.2013  16:05                0 0202bb2a-6f28-4e1b-984c-880c03e0264f.dmp
29.12.2012  17:03                0 023f9fa9-2b2d-4e2c-b4ef-1cb2e2be513e.dmp
05.10.2012  11:15                0 02a6f739-92d3-4316-abd3-cab3787f8387.dmp
14.05.2013  17:19            16.576 02eb6697-c401-43b5-bed7-fa2f785e392f.dmp
14.05.2013  17:19            1.534 02eb6697-c401-43b5-bed7-fa2f785e392f.extra
08.03.2013  15:04                0 0388ebac-ff98-442e-ba19-649e325452a4.dmp
17.05.2014  20:55                0 03d4e62f-6a8d-4cd3-81a2-abc0ddd19092.dmp
10.02.2013  10:20                0 0455a0fe-7de7-4559-bc02-dd8f9898b8ea.dmp
05.01.2013  18:17                0 0471bad3-9556-4e29-8df7-b5af240dda3f.dmp
09.08.2013  12:24                0 047e24ab-1ffe-48e2-b797-34f2b6099190.dmp
17.10.2013  21:01                0 057abd00-b540-444a-a1f9-11199fe58db5.dmp
11.05.2013  23:17            13.648 058dfffd-a47c-42c0-b5cb-c02360f86ea8.dmp
11.05.2013  23:17                0 058dfffd-a47c-42c0-b5cb-c02360f86ea8.extra
28.09.2014  10:23                0 05b90ad2-1fda-40c6-a683-88bce41bbdb0.dmp
16.06.2013  22:12                0 062cbfed-d29b-4315-86b7-21b695736931.dmp
03.08.2014  00:01                0 067b9e14-434f-4122-b25d-85357ee9c292.dmp
09.09.2012  12:06                0 07a37eea-83ad-42e8-8acb-be7b7ae90237.dmp
29.05.2013  20:30                0 08a3ee44-0169-44ea-aab4-cb6bac36ec97.dmp
17.06.2013  22:12                0 095e8e0b-a3da-4ca6-9872-d44e9662f19c.dmp
09.11.2012  21:38                0 0985999f-42a1-4899-9a2b-4e5a22ff31c3.dmp
02.11.2013  13:50                0 09e448e5-a295-4c73-865c-f07389f93271.dmp
15.09.2012  22:25                0 0aee8539-347e-4f3d-b4f2-8e30709e6933.dmp
02.07.2014  20:23                0 0bce4498-6788-496d-8d5b-aa25afc4edbb.dmp
02.11.2012  10:53                0 0c7fef56-fdee-49af-8520-091157797dc6.dmp
05.05.2013  21:15            14.380 0d1e4dae-a06f-47e1-883f-c317f21c9c80.dmp
30.05.2013  15:09                0 0d3a8e95-edc9-4081-800f-07499e22be2b.dmp
11.11.2012  12:38                0 0d430e58-ceab-4e02-b6ac-26727df9de65.dmp
02.08.2014  22:05                0 0e542e28-de8f-41c8-a5ee-793fbfb7a8df.dmp
09.10.2012  20:21                0 0ef0632e-451e-4731-9d64-62dab6df2905.dmp
13.10.2012  10:55                0 0f5d51b9-4aa8-4909-a022-6fedc588f9e1.dmp
20.08.2013  16:30                0 103d6eb6-de19-4fe4-aa44-a370d4fc6317.dmp
23.02.2013  21:15                0 116df726-f1ff-47d5-b389-a24e54e3a94d.dmp
31.07.2014  13:22                0 117f4695-3796-4990-9286-7dcdd036ba7a.dmp
09.03.2014  20:43                0 12a594ec-eebb-4858-9aa2-9a8ab25abfcd.dmp
30.01.2013  21:44                0 12c0ce3d-737e-444f-b53b-9079f055ea84.dmp
09.09.2012  21:26                0 13129816-f9dd-411a-98b9-3370676fb67b.dmp
27.07.2013  13:18                0 13a8c69d-68f2-44b1-98af-80f6f315e1e4.dmp
01.10.2014  20:42                0 141073e9-4215-4368-8808-d4759cd9ec69.dmp
02.04.2014  20:30                0 144c3d16-507c-40ba-aa4d-3b12eb27b2f2.dmp
01.05.2014  22:43                0 148d9799-7f93-421c-9fb4-82965fe85e4a.dmp
10.08.2013  22:19                0 149ba979-e9c9-44c9-9397-885c18239bb9.dmp
14.01.2013  22:30                0 14f13457-3a26-427c-a1e7-06e8703c0360.dmp
14.01.2013  06:23                0 154daa79-e359-4b14-a82a-3515537018d7.dmp
16.10.2014  11:26                0 15a56ec3-9e3f-4426-ac05-bebc68f7dfd4.dmp
11.10.2012  21:49                0 16abad4b-11a8-4c30-8b77-5f2197453a0c.dmp
15.02.2014  10:16                0 18256124-e64d-4e83-aecd-e6a0be1d4084.dmp
08.06.2016  14:10                0 19074e64-b792-4c6b-89c4-f38a78f5d38c.dmp
03.11.2012  11:23                0 19a413f0-f39c-4b9b-8e56-61aa51679c02.dmp
13.07.2013  10:29                0 19b1e9cf-fa19-4963-8314-1ff4a95a5645.dmp
03.02.2014  19:49                0 1a2e73aa-dc06-4731-ac0f-abd58a427c6e.dmp
21.09.2012  13:16                0 1ac0cbb8-941a-4708-aa3c-3533ac5fe6c0.dmp
06.02.2013  21:29                0 1c35915f-b566-4980-afad-22e2bedebf76.dmp
24.12.2012  18:29                0 1d8c4823-52b5-41c1-807d-77595137fd9f.dmp
06.09.2013  22:58                0 1dccb8ee-2946-45ce-a3f0-038323d29a3f.dmp
26.11.2012  06:34                0 1e17d73f-3f62-4cd2-a7d2-a00043aaf5bf.dmp
02.11.2013  12:08                0 1e5569fa-eb56-4d3d-a9d6-bcddc35e3361.dmp
11.10.2014  11:55                0 1f9457da-020a-4dba-a587-dc0c2f735a60.dmp
26.05.2013  10:59                0 1fb2734c-f01d-4536-86e7-251813cabc37.dmp
16.12.2012  00:21                0 1ff0ab9c-89bf-46c9-9078-616d7e43c3f5.dmp
31.10.2013  23:38                0 2041596e-cbbd-4c1a-a3c1-2945bf73263c.dmp
27.02.2014  11:12                0 20b12cc4-c143-46ad-b4cd-5053a4f31b8a.dmp
17.12.2012  23:54                0 20e671a7-ed96-4740-a0e7-e59085182521.dmp
23.03.2014  13:18                0 2206e22d-eebf-4451-8939-e0b1458677a0.dmp
24.05.2013  09:13                0 225d9ea7-dc65-4995-ac1b-91916d67f31d.dmp
16.10.2012  07:23                0 2267f40f-7998-473a-8c52-8dc7e866b361.dmp
09.09.2014  12:08                0 227f7954-ee48-49e0-a921-aadf16f47346.dmp
26.09.2013  15:16                0 228f54e3-33fe-4cb2-ad0e-e3fea26d22c6.dmp
22.09.2013  13:30                0 229193af-dcc8-44f8-9a59-f5521f5102d6.dmp
22.11.2012  09:04                0 2340339a-eb5b-49af-b395-1b41f97c2224.dmp
03.11.2012  15:10                0 239e3bad-17c8-4883-af36-fb77404e2775.dmp
07.12.2012  18:09                0 23a53b37-5841-4e09-93da-76c5d8a5a3df.dmp
07.04.2013  21:35                0 23afe5e8-3164-4554-8062-ecd6c47bc9ef.dmp
16.05.2013  23:41                0 240f9c19-e62e-4cbc-a0e5-659ccbd34aec.dmp
17.07.2013  20:24                0 24566a31-5473-44cb-bf0d-a1ca7ef371fe.dmp
21.01.2013  06:44                0 2497478a-6faf-47de-b3b1-48b480fe8065.dmp
11.01.2013  12:56                0 254b8ab0-9fd7-43c0-9df1-d2aca8d09233.dmp
31.03.2013  17:52                0 25903ed1-5371-4f32-bdb8-6b47efc22f24.dmp
05.07.2014  19:18                0 25fed06b-fb4c-4865-8f72-6320f7fba046.dmp
26.09.2013  22:29                0 261dd6fa-c48d-4439-bf87-0d4c3007e175.dmp
16.09.2014  13:40                0 263ed3c8-3d80-40ac-9e29-7e6e6a7f18af.dmp
24.11.2012  11:28                0 2695a92c-a43f-4ae8-990d-7c6116224b8d.dmp
15.09.2012  14:36                0 27dd1f0d-8a11-4465-94af-48a52ba207c0.dmp
27.05.2013  08:44                0 2893561d-514e-4153-bc6d-e2f7156e91c7.dmp
04.02.2013  07:41                0 29c21c5e-c8cf-447f-acdf-1f2bdf55dab3.dmp
04.01.2013  21:26                0 2a3c2d5c-7d33-450b-bee9-ec7e6899a172.dmp
07.06.2013  10:43                0 2a5b963e-6ed5-402b-8506-9042e18c7f8b.dmp
02.11.2014  16:40                0 2a89b50e-1c2f-4010-be18-afe6a363214e.dmp
26.01.2013  00:55                0 2a9d73f7-5200-4a53-9228-4ff0c7ec9aee.dmp
30.07.2014  20:17                0 2af9be06-c00d-4972-861e-b1bdff38a1c9.dmp
10.01.2013  22:44                0 2d4c54ea-e874-4aa7-82cf-ef51dabe9b54.dmp
14.12.2012  23:26                0 2e240b87-ea5d-4071-86cd-4536cc1b4ae4.dmp
02.05.2013  09:52                0 2e2760e8-7666-4814-8bde-c0f5be506e21.dmp
08.09.2013  21:22                0 2e38d3f5-f64a-4438-879e-ec46fea4aec5.dmp
28.09.2013  22:59                0 2e9b1b5d-a551-4c44-97fa-5e0578697c5b.dmp
09.10.2013  07:58                0 2f317e46-c2d0-4fd3-ac51-fb01878ec83e.dmp
12.10.2013  13:35                0 30d55bdd-71ba-4c21-ae42-869e08e138d7.dmp
10.10.2013  21:32                0 312d9afa-daad-4eff-9562-7bf3c487eb95.dmp
08.09.2012  23:18                0 31387569-93f7-421d-9fcf-898feb001057.dmp
15.07.2013  21:15                0 3152188a-6316-4ccb-9fd2-e411b6475254.dmp
07.11.2014  12:56                0 32b1ff78-2601-4d7c-9807-43d90527a365.dmp
12.11.2013  22:51                0 33103f23-cc83-4da2-a445-ffb6b4d6d217.dmp
12.10.2013  21:41                0 3409a473-6ed6-4389-9020-7cd2257e673e.dmp
06.10.2012  11:32                0 342b59a3-a0b8-415b-983c-25d3cffb3bb9.dmp
20.03.2013  22:33            42.499 343103cb-a79d-423f-bab1-b539a943b016.dmp
20.03.2013  22:33                0 343103cb-a79d-423f-bab1-b539a943b016.extra
18.01.2014  12:37                0 34520d75-b645-44a1-aa33-fe178df33ab9.dmp
23.01.2014  11:29                0 347121ff-63d4-44f3-8af7-d828d1c41184.dmp
23.03.2014  20:12                0 34ee8dc9-5e81-47aa-8f0a-6326e9beea46.dmp
11.10.2014  12:15                0 35a32721-e4d2-4db9-8c63-df33559d0652.dmp
24.08.2013  21:22                0 3664ecc8-9bef-4171-a0b8-5c74ffbc54c9.dmp
28.02.2013  07:52                0 3769a248-9209-43ac-9c01-7c5c491eb663.dmp
27.10.2012  09:55                0 3798775c-5582-41a3-9109-b3a15608321c.dmp
07.11.2013  17:26                0 37d42b13-68a4-43ba-87b1-5d3594a937c8.dmp
31.03.2013  23:16                0 3840e8bf-04ab-4fd6-8acc-c986a16efa96.dmp
30.09.2014  21:19                0 38997944-8149-4898-b3d6-e133e648193c.dmp
30.11.2013  22:45                0 3937b784-1327-42a0-b3fd-ca79f7fee7a2.dmp
12.01.2013  11:23                0 3991c4f4-4660-4524-ac51-ce40f8ad50ad.dmp
27.10.2013  09:38                0 39b0ee72-6358-4cb7-a8ec-7af6f54c20e3.dmp
04.01.2014  22:35                0 39b98d0e-781c-4bd4-a076-f56645904e1d.dmp
11.02.2013  23:14                0 3a5964cf-283e-46e2-9953-0bd65c440ac8.dmp
09.11.2013  23:33                0 3ae7ecdf-349a-44dd-b227-bb985a92e9a1.dmp
27.04.2013  14:40                0 3b58850e-4e0b-439f-ae1a-06489e1a2a83.dmp
22.03.2014  20:53                0 3c2df7dd-3841-4b6a-94e2-9717bc74a852.dmp
11.10.2013  09:27                0 3c418ca5-b809-4989-afec-6c1d3c91c1c5.dmp
21.08.2013  19:22            13.858 3c4face7-79dd-4a0d-a2b3-7061433ab8e5.dmp
21.08.2013  19:22            1.471 3c4face7-79dd-4a0d-a2b3-7061433ab8e5.extra
15.07.2013  22:01                0 3c6e1199-adf4-42d5-98c2-235e7448c10a.dmp
20.11.2012  08:11                0 3d34bb2b-66be-450a-a075-672b08532172.dmp
06.06.2016  23:35          522.920 3d72a076-e293-4900-8a0e-a110895de431.dmp
06.06.2016  23:35            11.823 3d72a076-e293-4900-8a0e-a110895de431.extra
22.10.2013  11:52                0 3d7bd0fb-61c9-4cf9-b9ef-71abf8db789e.dmp
16.02.2014  12:07                0 3d9a967c-d2b9-4292-8f0a-6afc2beb6f14.dmp
04.02.2013  08:09                0 3da25822-b26e-40f3-8774-3aed99d47631.dmp
19.12.2012  08:05                0 3da9d670-34ca-41c6-830b-161a7eab8407.dmp
20.10.2013  21:45            13.860 3dbfad75-7224-4e71-ba64-7d3d41cf4f16.dmp
20.10.2013  21:45                0 3dbfad75-7224-4e71-ba64-7d3d41cf4f16.extra
28.03.2013  20:12                0 3ddc2089-bda4-437a-bd78-f731cd1ff640.dmp
19.01.2013  23:13            12.741 3e51774f-0f3f-4546-97c0-6b3ac8e5e6a8.dmp
19.01.2013  23:13            1.425 3e51774f-0f3f-4546-97c0-6b3ac8e5e6a8.extra
10.12.2012  23:03                0 3e72973b-dfb6-4b60-b3f5-b2823e3f2c6e.dmp
24.10.2014  09:01                0 3eab1055-6c25-435b-ba92-ce1bb951aaa7.dmp
30.09.2013  21:13                0 3fecda71-86f5-49cc-9a7f-24816ddb428e.dmp
05.11.2013  08:00                0 40751f77-da95-4578-92f5-802ede15b45c.dmp
05.10.2012  19:40                0 40a59d80-8bcc-412d-8f33-7aefe1c4bfe6.dmp
22.01.2013  15:25                0 424b791a-5be2-4199-a235-552b255dbafa.dmp
12.10.2012  13:13                0 424d4896-b78b-467c-8f73-070d43625768.dmp
06.05.2013  19:10                0 4253253b-5736-44ea-af91-728711550e4d.dmp
30.07.2013  20:51                0 426cf608-c854-4a66-980f-7a1b4e04328c.dmp
28.09.2014  11:52                0 42e86319-4585-40c6-83f6-4efc544c521c.dmp
01.07.2012  21:07                0 4319e2e6-6b16-404c-83af-e767aeaeab38.dmp
03.01.2014  16:13                0 43c90fb0-02c5-4234-bb64-0717f7247916.dmp
24.01.2014  13:29                0 44191ce7-b0a3-4974-aa73-a0350dacb78e.dmp
26.09.2014  08:57                0 4462d875-51c0-40a8-bce3-649fe8dd5075.dmp
25.10.2012  20:36                0 4491b2ca-722a-454c-b6fb-a6b4837d80a8.dmp
27.01.2014  11:14                0 450b5aeb-a0c6-4eab-baec-b52d91564799.dmp
31.12.2012  14:58                0 45a49a7d-2e5e-4696-8e10-b587edfaae5c.dmp
11.08.2013  22:12                0 4670d0bc-0886-4057-b402-f03a2f8c30d5.dmp
29.05.2013  14:55            14.380 4678432c-ac4f-46b4-a7d0-3c6bd6cd9fb4.dmp
22.12.2013  11:00                0 468c7543-ad02-4a4f-bde5-203d4e05db1a.dmp
24.01.2014  22:24            13.854 468ced14-cb5a-4f54-90b5-e6c40c22c860.dmp
24.01.2014  22:24                0 468ced14-cb5a-4f54-90b5-e6c40c22c860.extra
17.08.2014  21:07                0 46cdbb5b-02a7-4b1d-a77f-083d7ae80989.dmp
05.02.2014  16:20                0 47675372-a88c-4ba2-bbee-8d6c984164d5.dmp
24.07.2013  21:28            14.590 47a01bce-c398-4f8a-a26c-da1f9ba0a3b2.dmp
11.09.2012  20:53            11.451 496f3c18-5bdb-47ef-89db-5f8c2a19ebe0.dmp
11.09.2012  20:53            1.417 496f3c18-5bdb-47ef-89db-5f8c2a19ebe0.extra
31.08.2012  21:15                0 4a1b4d3e-ce5b-4ec2-ab62-008604dd346b.dmp
13.12.2012  11:50                0 4af3fb6a-fe5d-4920-9a7d-667ce44933f6.dmp
11.10.2014  14:20                0 4b124ab9-6818-4997-9f77-fba19f274498.dmp
21.03.2013  14:07                0 4c1ff78a-1a33-4ba8-ba20-b3c7095247b1.dmp
23.06.2013  19:02                0 4c8d972c-07ee-4b0c-aad3-c9b6429ca9f4.dmp
06.02.2014  09:50                0 4caa0deb-a1e4-4b32-8b2a-1fdb1628e2f1.dmp
02.05.2013  09:48                0 4cdf356f-e224-4801-876b-1e8b57a6972c.dmp
08.09.2013  08:55                0 4cea2134-d9bb-426b-874b-9e1411143058.dmp
18.11.2012  23:08                0 4d01d64e-8fc7-472d-885d-10832dd57914.dmp
11.07.2013  10:41                0 4d667094-dfa5-44df-9540-086580b7d4d6.dmp
10.11.2013  23:25                0 4d7155de-1e41-4a68-90c2-f491c7e6c2a2.dmp
25.05.2013  15:23            17.704 4e0f6659-b277-4ed9-8f1f-f94cf361ec99.dmp
25.05.2013  15:23                0 4e0f6659-b277-4ed9-8f1f-f94cf361ec99.extra
15.06.2012  12:44            20.812 4e65d942-a5ad-4ae3-9d28-77477d13135d.dmp
15.06.2012  12:44            1.365 4e65d942-a5ad-4ae3-9d28-77477d13135d.extra
24.01.2014  15:25                0 50510a1a-d2c3-4e1b-a7cf-1012895b4272.dmp
31.01.2013  22:16                0 517011c1-1f0c-4470-b718-4bd2edaf1d97.dmp
12.10.2014  13:47                0 5181a15e-118a-4022-bcfb-57bc8f232900.dmp
04.11.2012  09:57                0 522a07f4-3e9e-4329-8e18-e1b787dfb813.dmp
23.09.2012  17:03                0 527b9444-890b-4a36-a2ae-f4b64301832a.dmp
06.06.2016  23:55          368.958 52a9d215-92d5-49cd-9a7b-760c91cbc0b5.dmp
06.06.2016  23:55            11.278 52a9d215-92d5-49cd-9a7b-760c91cbc0b5.extra
09.06.2013  19:34                0 52beb5ae-a1bf-4cb3-9dd7-c3b9b85b500b.dmp
23.02.2013  17:05                0 53573a08-e74d-4fcf-a128-d4db7fe279af.dmp
03.10.2013  11:31                0 53c33b09-abc9-4113-902c-8d12c0c6dc35.dmp
18.02.2013  23:40                0 53d3e4a1-c70e-472f-887a-e7aaa7a974ad.dmp
03.07.2013  21:46                0 53e53c0c-af18-4691-ae30-5535fa501329.dmp
07.11.2014  16:34                0 55897e3b-a94f-41dc-85dc-26f31a51fb79.dmp
14.06.2013  11:55                0 57488811-3de6-488f-857c-e56215dc61f2.dmp
14.03.2013  13:12            15.135 57b48396-d02d-4bb6-896a-618d4c3d0ba0.dmp
14.03.2013  13:12                0 57b48396-d02d-4bb6-896a-618d4c3d0ba0.extra
25.08.2012  08:58                0 57f95cbc-17a8-4431-a44d-8ca229ec2fb6.dmp
14.09.2012  22:49            11.663 585651e4-8cb4-479f-b992-73918eee7d3a.dmp
14.09.2012  22:49            1.417 585651e4-8cb4-479f-b992-73918eee7d3a.extra
19.10.2014  11:29                0 5874fbd3-7a7c-4ac4-854a-3b8737fdc64a.dmp
13.01.2013  16:38                0 58a7b679-9b3d-4958-8ef5-a1149e63ad9e.dmp
23.09.2014  11:05                0 58bd0911-d408-4d94-a61c-64434ccc85d5.dmp
20.09.2013  07:20                0 5956a04b-4289-4557-b57e-a08b2f150a15.dmp
01.01.2013  22:39                0 5969c395-fc6c-41fb-90da-58ac34888b87.dmp
16.01.2013  20:43                0 59c4402d-9765-4c8e-b3df-fd104dfa5dd1.dmp
15.06.2012  12:02            17.372 59fb62d3-4b5c-49c5-a3bf-0f7bebe6ec02.dmp
15.10.2012  06:49                0 59ff178e-f773-439d-9ce4-3ba9fc5b0cfc.dmp
12.06.2013  22:15                0 5a322327-e855-4c70-8edc-65df3ce1b41c.dmp
05.10.2012  19:59                0 5b97a99f-6a3a-4470-8722-cec53c256f2b.dmp
27.01.2013  16:00                0 5d851b2e-c32c-4718-810f-3d077821c6a1.dmp
24.12.2012  21:22                0 5d972ec1-8a74-49f6-98eb-ebedeb6e5bf6.dmp
02.01.2013  07:54                0 5e8a2b8b-4362-40e2-a296-0d98b115328a.dmp
20.01.2014  19:33                0 5ec9f1c3-cf06-4571-92e4-ee75608bee5d.dmp
21.06.2013  23:00                0 5f8e04c0-e539-4fbb-8950-f720223f936e.dmp
18.12.2012  22:47                0 5fb65ab4-9df2-4e7d-8253-97dd29b3f54c.dmp
19.10.2013  20:53                0 6053cfbb-148f-4081-bdf7-590b7701d1f2.dmp
16.07.2013  22:04                0 60b736ce-4f70-4786-b59a-30fd06da05c4.dmp
02.10.2013  20:36                0 61cf61bc-76a2-4a83-81a6-96eb9986fd31.dmp
28.09.2012  12:54                0 62c0a0ce-615a-436a-9034-e819e0659200.dmp
23.12.2012  21:56                0 62d249a4-1f9d-4486-a76f-f7ec3b90fa3f.dmp
13.03.2013  15:21                0 62fece04-1db0-4d03-8ece-520708d97392.dmp
26.06.2013  06:28                0 63f83eba-69b9-47eb-9294-7606a280e345.dmp
12.10.2013  14:55                0 64b6c7c3-0f80-4cd6-b298-51fecc06b8b7.dmp
26.11.2012  22:04            15.541 652b90f9-40f0-40df-a6b0-596ca64dc8d6.dmp
26.11.2012  22:04            1.454 652b90f9-40f0-40df-a6b0-596ca64dc8d6.extra
03.02.2014  22:01                0 6632eafe-55bf-4ea4-a692-c4159a766f3e.dmp
21.08.2013  03:40                0 6657fc92-015f-434e-b14d-3f28205407ff.dmp
29.11.2013  01:44                0 669dc36c-e70e-41f2-b862-9779a47d86ec.dmp
12.08.2013  13:28                0 66cf9219-49bb-418f-ae52-1b6b67de2147.dmp
15.09.2014  16:22                0 670d7000-7d73-4c96-a028-31d993127977.dmp
03.10.2012  19:25                0 6823b834-24de-48b8-987c-caaae225b83b.dmp
09.04.2014  21:38                0 685eb5a6-b282-45dc-82fe-76438270152f.dmp
30.03.2013  23:08                0 688eed83-6066-4df5-8eba-fff45e48a916.dmp
09.10.2014  06:20                0 68c883e4-4094-4621-93b9-18d2d0678106.dmp
30.04.2013  13:57                0 69366c5a-0391-4958-af3f-82b6166ba4ac.dmp
27.07.2013  22:52                0 694f017d-4d97-4da5-a884-481d7a729d49.dmp
18.10.2013  05:17                0 69caddd7-e9b1-47bc-9ca8-4d03cc1de7ab.dmp
29.03.2013  22:41                0 69d1af3b-9649-4a80-bdb3-c91b30aeb052.dmp
22.03.2013  21:15                0 69d52516-9ec6-498f-8555-6d032d975e47.dmp
21.05.2013  15:19                0 6a12f033-1417-4e5b-8d6a-8689752ff594.dmp
15.12.2013  16:19                0 6a7385be-ef10-4789-aac6-f8433e29d677.dmp
05.11.2012  19:08                0 6a74ab27-98ff-4b53-ab8a-36f7521176e3.dmp
14.09.2013  13:30                0 6abfb07f-657d-4f71-865f-9c74526ac93c.dmp
08.11.2012  22:18                0 6ae4a3e2-abba-4b1b-84f9-4885eee708b0.dmp
19.01.2013  20:03                0 6b2bd568-a1ef-4ef5-83e4-5948a98c62f6.dmp
28.02.2013  21:18                0 6c4c785b-a3fb-4d36-9cc3-79409ccb3ee0.dmp
30.09.2012  16:32                0 6cad61a3-ce86-4bf4-aeae-a2becc82a3a7.dmp
16.12.2012  21:41                0 6ce07a18-9459-4960-9924-5f09c052867e.dmp
27.11.2012  22:24                0 6cfa161f-d1d4-422f-8738-88913854780b.dmp
08.05.2013  22:20                0 6e130f7c-f762-4606-bc7a-4328fa66824c.dmp
14.09.2014  10:19                0 6f7dcca8-f72b-4f6a-a851-406632a707e2.dmp
20.11.2012  22:37                0 6fbd5034-b81b-4d71-9a55-57324fddfeaa.dmp
03.10.2014  16:54                0 6ff11c08-9a22-4349-899a-20061fb164b9.dmp
20.05.2013  23:23                0 7077de35-44bb-471f-ba9b-c5fc970f91cf.dmp
04.12.2012  06:50                0 70a4b208-2208-4d04-be05-2fe58904545a.dmp
29.12.2012  11:19                0 717179bf-5580-47b5-aed7-a7ac800bc2f9.dmp
13.10.2013  11:40                0 71964dc6-dda5-49d6-a5f3-06bb7a60269b.dmp
28.09.2014  13:22                0 722a95c5-8d70-418b-8d69-e12ea145cf30.dmp
12.02.2013  16:38                0 733ed458-7a3e-40db-ab34-2654b025036d.dmp
07.10.2012  11:01            28.324 735275fa-743e-452a-8592-13f9418101f7.dmp
17.12.2012  09:01                0 738fd283-64dd-4b9e-8e03-2744a39d92f9.dmp
05.10.2012  21:24            11.451 7395d066-3450-428c-aa8c-c51813e7bc4e.dmp
05.10.2012  21:24            1.417 7395d066-3450-428c-aa8c-c51813e7bc4e.extra
10.02.2013  22:37                0 747fab96-f6f2-4ed1-aa9d-9a7cabd87e59.dmp
14.08.2013  19:11                0 74cc75f8-8405-44c0-a2f1-07e91ef7c498.dmp
05.04.2014  22:06                0 74f05754-520d-434b-80e4-66322769cb6b.dmp
21.10.2013  19:49                0 7678efbb-f4c8-4493-8cdd-322503af4c00.dmp
18.10.2013  09:01                0 7769402d-f370-4066-bda9-59d6ac08cb55.dmp
18.10.2013  11:04            13.860 776a4eb0-67a7-4d4c-8498-79fba5bd1d6c.dmp
18.10.2013  11:04                0 776a4eb0-67a7-4d4c-8498-79fba5bd1d6c.extra
03.10.2012  21:55                0 78490bef-cbde-4a32-b547-6274fa56bae1.dmp
11.07.2014  20:51                0 789bdf03-f434-40b9-b544-b73b19ad439a.dmp
30.07.2015  17:25                0 798843f6-79b2-42cf-af69-9fe7d669c110.dmp
12.11.2012  23:34                0 799d875c-5a0f-406a-8c7a-9d4daa7864e2.dmp
03.05.2013  08:19                0 7bb8baab-5e70-4546-9276-08be41f124e0.dmp
11.05.2014  21:35                0 7bff1f7c-165b-4ff5-8f32-fac4734287d7.dmp
19.08.2013  11:07                0 7c3ff6a0-e255-475a-b1fa-60c44ea05e44.dmp
28.09.2014  11:07                0 7ccad99b-2c35-415d-95a3-192ace4b77d4.dmp
03.12.2013  23:02                0 7e81e522-7925-4c06-bb24-1e510c175bfd.dmp
18.09.2012  21:19            11.451 7e9b8abd-7acd-43c9-897c-426f36039c6a.dmp
18.09.2012  21:19            1.417 7e9b8abd-7acd-43c9-897c-426f36039c6a.extra
09.10.2013  07:03                0 803e2d31-7127-4ccc-9a3e-599f0629c3b8.dmp
07.05.2013  11:04                0 8090fe91-4428-4b66-a90e-44256e4d100b.dmp
30.01.2013  22:20                0 80d55be8-2dfa-45c0-afd2-00a58cf41bc8.dmp
13.11.2012  22:10                0 81f5297d-8f92-43bb-8dcc-69e30a579a05.dmp
26.10.2012  23:17                0 8245dc04-8db3-4b6e-ac5b-a0fce30a328c.dmp
08.04.2013  21:46            42.368 83a07f6e-67a9-4112-bfc7-7b569bafe875.dmp
08.04.2013  21:46                0 83a07f6e-67a9-4112-bfc7-7b569bafe875.extra
09.11.2012  11:43                0 85c82669-4129-4034-ba79-fe2d8f0def37.dmp
01.12.2012  15:38                0 85fa0718-6804-444f-86ae-d504f3cc483b.dmp
11.10.2014  14:56                0 868939e3-9ac6-472f-8989-1116e4e6603d.dmp
03.08.2014  19:53                0 869385a8-0138-41cb-9e67-8bd4c001efb1.dmp
13.09.2013  08:12                0 872b9bfb-34ac-4c2e-adc1-97c9e217ce94.dmp
27.10.2012  15:32                0 87b07291-8436-4547-a58b-99ac2881d93c.dmp
29.09.2014  15:54                0 880f3aef-e7f6-4978-b1aa-4aaf58529d01.dmp
27.05.2016  09:27          519.544 8a1738a0-6fba-4766-bff8-6fb5ebde576c.dmp
27.05.2016  09:27            11.679 8a1738a0-6fba-4766-bff8-6fb5ebde576c.extra
06.01.2013  21:19                0 8ac2faf7-67a0-4305-b25e-d946180743fe.dmp
19.11.2013  22:56                0 8b2bdbb2-ee83-406e-ac3d-865631f209cc.dmp
14.10.2012  14:20                0 8c1768d5-759c-4a4c-989e-eec5ca8606c4.dmp
16.06.2012  15:41            17.372 8c40a403-9ae0-45ec-9d92-680e82488ca8.dmp
10.12.2013  22:29                0 8c88e782-dc8c-471d-ba96-f20d14c734bb.dmp
16.11.2012  12:21                0 8c8ef691-ad17-4c50-98be-de388c1d8176.dmp
19.10.2013  10:53                0 8ea7692c-f178-46bd-bd5a-c2a5bcf2a7c6.dmp
11.07.2014  13:19                0 8eb8ca7e-b301-463b-8768-45831064bfd4.dmp
04.10.2013  08:46                0 8ec713da-5869-42aa-b193-45e52aee4a61.dmp
06.07.2014  12:19                0 8f501399-cc0d-4cbc-ae1f-1a29ae972274.dmp
22.07.2013  21:53                0 905457b2-2b82-4966-b050-49121fad090a.dmp
31.12.2012  23:10                0 90b1146d-f605-410a-b925-4a021aa966fb.dmp
15.10.2012  06:58                0 923a649f-f0d0-4add-b609-cf2d1e6f3973.dmp
13.08.2013  21:32                0 93d24f98-aef4-4a87-87e1-c7051d2dae56.dmp
28.09.2014  14:11                0 93f1cb0b-bcbc-4aa6-a3ef-c4a6b57ca077.dmp
12.07.2013  00:24                0 93f5c6ea-4c08-42cf-bc47-cd2ff74bebdb.dmp
20.10.2013  11:50                0 9463411d-2026-4f15-958e-5014eb4ddf2d.dmp
20.09.2013  12:03                0 94df81bd-fc6e-42a5-ae53-57d2bc35708a.dmp
28.10.2013  22:06                0 9570891c-c929-495e-b08c-009e76d5feb6.dmp
25.02.2013  22:16            12.529 9722bd4f-20e0-4ada-8761-112103eefb19.dmp
25.02.2013  22:16                0 9722bd4f-20e0-4ada-8761-112103eefb19.extra
25.11.2013  21:25                0 9824d6a1-4ce6-43e7-bbe5-e2c86c018a6f.dmp
13.09.2013  12:27                0 9ab837b5-fb5c-4d64-bf65-5d77d06bd8f4.dmp
24.09.2013  19:28            14.592 9bce814d-ea6d-42a3-b605-28c9555080ce.dmp
18.12.2013  22:31                0 9bd098b2-6562-412c-802d-a925db859515.dmp
24.12.2014  15:59                0 9c5d6c6d-a00b-4396-9a51-742b4fe4f292.dmp
14.10.2013  22:29                0 9c6a73fe-08f2-43f1-8554-5da6c43eb1e7.dmp
19.02.2013  21:51                0 9cb1146e-791e-492f-b281-9c8af9376c17.dmp
11.05.2013  19:47                0 9cc922d5-d455-418c-bbf7-2d877d61a894.dmp
11.11.2014  08:59                0 9d3e75f9-a57e-47e7-a8c5-8580a3691d65.dmp
10.11.2013  13:22                0 9d472952-deb6-4fc2-beec-73988f4e6d6d.dmp
31.10.2014  11:40                0 9d7f9306-b3f5-41d8-82c6-e31bdf3322c8.dmp
26.07.2013  14:09                0 9e0a7fcf-3001-49c9-8c7d-ba6b15e5022c.dmp
10.11.2012  21:16                0 9e5390d8-b6c3-4065-b494-1e9bce5acc70.dmp
28.02.2014  11:48                0 9ef08a79-ff5c-4e94-ac39-ae30b75ec4c3.dmp
27.02.2014  16:05                0 9f8bbda7-2b16-465e-bb2f-4581bf6fa759.dmp
23.09.2013  20:46                0 9fa0ae82-402d-41cf-97f0-41509726ceaf.dmp
16.02.2013  09:05                0 9ff92795-4fc5-4fb2-8b2b-d2114c701afe.dmp
06.10.2013  11:32                0 a024ca49-a1d9-4c2a-bcd2-afda9d63fa0e.dmp
29.04.2013  14:17                0 a0b3cfa0-30dd-4fe4-b061-bbb5ef56db10.dmp
12.01.2014  20:44                0 a0c37f26-c63b-4f26-be6b-af16d0cf3587.dmp
29.09.2012  00:29                0 a0e6480b-e3e9-43ab-be49-b959fc9628da.dmp
14.01.2014  21:40                0 a1672fb9-1b50-48ba-b00a-8e307ea19313.dmp
06.02.2013  09:12            12.741 a1a3c77b-2129-4d18-a73a-f7d6846b7561.dmp
06.02.2013  09:12            1.425 a1a3c77b-2129-4d18-a73a-f7d6846b7561.extra
10.11.2012  12:26                0 a1ed2a63-1f01-41c2-8ed1-be979426b17f.dmp
09.09.2014  12:22                0 a207a277-bc2d-41db-9d8b-25a76f4ec839.dmp
23.08.2013  22:42                0 a321febf-3222-455f-b5e6-779e77e7d4a1.dmp
30.11.2012  17:15                0 a3969c80-38d7-488e-8082-2f285ebf535a.dmp
04.04.2013  21:09                0 a41a4dd1-1d32-4a17-9d5c-fc21fd00172e.dmp
22.10.2012  19:45                0 a4844192-2bda-4c62-a89a-cb2fe1e3e364.dmp
04.11.2013  21:50                0 a57ba0e8-de02-4ab4-80dd-ba202900845a.dmp
11.07.2013  11:20                0 a594dd61-6a02-4d87-a836-117a9a0c441d.dmp
24.09.2013  18:08                0 a5a0df79-1f6c-4cb5-999f-60f66ba8a9bb.dmp
24.10.2012  20:10                0 a8c57e58-d0e5-4083-8671-e4247b17ea79.dmp
06.05.2013  23:37                0 a8ff6554-e6dd-4f22-a07e-e11d19b9b5f9.dmp
11.10.2012  06:02                0 a99bf891-8d09-46f1-8948-8e04a8e35528.dmp
08.01.2013  23:07                0 a9cd938c-ca4a-4ddf-b538-50a1008cedcc.dmp
28.05.2013  09:08                0 a9d2c2b3-2ff9-4263-8edf-2302dec6ee46.dmp
24.02.2013  19:45                0 aa5edddf-0386-4284-a44a-5e7d728d13ad.dmp
29.09.2014  16:30                0 ab23fdd3-71d8-4625-8f87-16ac141181ef.dmp
30.12.2012  18:11                0 ab6e124e-1998-4b3e-835c-5d2e70e0ef9f.dmp
01.08.2013  19:16                0 abd2c939-83e9-4ff8-a600-d6b06de4feff.dmp
23.03.2013  22:30                0 ac93591f-90b4-4a50-bcfc-81424b0b6ba5.dmp
23.04.2013  20:54                0 aca2d2a2-f048-4a34-ba2d-386f96fe787a.dmp
18.07.2013  19:42                0 ad2730e1-f2d4-4b61-8ced-b13b99477a7b.dmp
07.12.2013  17:04                0 aebbc46c-ccfb-4913-9734-055890a32551.dmp
01.04.2013  22:14                0 af1b6a7c-4430-4c93-a5ff-35c4dbdc4e93.dmp
17.03.2013  23:16                0 af214dfd-0bd1-452c-916e-d3c69fd2e976.dmp
25.07.2013  21:21            13.858 af422171-aa0d-4a53-8968-990306c9828b.dmp
25.07.2013  21:21            1.467 af422171-aa0d-4a53-8968-990306c9828b.extra
24.11.2012  17:44                0 b0935337-0833-4d41-89eb-9bffd842fb3b.dmp
19.03.2013  12:58                0 b0b973f1-6ea7-4616-b468-b6bb903aa5cf.dmp
10.12.2012  07:16                0 b12661eb-e600-45d3-9c38-3212c5a9dd28.dmp
19.05.2013  08:45                0 b13fdc2e-82f5-4a8e-90bd-6200e3507fd2.dmp
22.09.2013  20:23                0 b1400883-1c87-4c78-b606-1af189c0a1d0.dmp
25.09.2013  21:07                0 b14ddf34-c076-4de0-acf6-e5d80b1c6011.dmp
28.02.2014  22:26                0 b15788ae-ae56-4cc2-9f31-69c39929ce19.dmp
30.09.2013  22:02                0 b1819ed2-24ab-4bd2-88cf-e062fbc08769.dmp
21.05.2013  15:23                0 b1ac0a11-cc7d-4fc8-b05c-4cb70f6d245b.dmp
08.11.2014  22:21                0 b1ae423f-b962-4243-9c62-2827879fcda8.dmp
11.12.2013  22:00                0 b1c46ee5-6ef0-4232-a851-54e83c597a7e.dmp
06.06.2016  23:35                0 b33a7beb-0ab7-4fea-9a6f-2467731f6100.dmp
25.04.2014  23:06                0 b379e28a-61f7-4767-b20c-0c5e52c43f7a.dmp
24.03.2013  23:54            15.203 b3b5625d-9396-470a-b35f-6b0a63b8e1fb.dmp
24.03.2013  23:54                0 b3b5625d-9396-470a-b35f-6b0a63b8e1fb.extra
27.09.2013  21:51                0 b3ff20c1-6ef1-4522-9615-5cc49ac60a71.dmp
07.02.2013  09:02                0 b4209f21-77ef-4d12-96cd-438b2344f25b.dmp
21.11.2012  23:15                0 b4b6f4aa-df38-46ad-9da2-e018f83e8cf7.dmp
11.10.2013  16:20                0 b5075579-cc19-4ea9-b27b-45b9fbbc48fa.dmp
24.09.2012  22:07                0 b542986f-7bf4-4e24-88b9-3b0cc02d5177.dmp
26.03.2013  15:17                0 b592d9eb-0585-4f34-b5d4-c5c868170ceb.dmp
29.01.2013  22:22                0 b6d043d0-0db0-4172-8c5f-18537c55b97a.dmp
10.09.2014  21:00                0 b71a785b-5652-4795-9289-4fea0f44ffff.dmp
26.05.2014  20:54                0 b7d0d356-f5a0-4537-a43b-3dbbe16ee010.dmp
24.12.2013  15:19                0 b7e5a9b7-720f-4434-9efe-f01740b37f7e.dmp
26.09.2014  23:34                0 b815d58a-e47f-4ab3-b0f6-c261f5265287.dmp
01.01.2014  14:01                0 b8bd67a2-66d2-4320-9e21-bcda08b3e748.dmp
31.07.2014  13:40                0 b9026644-d65b-48bd-9057-e16dc9ff59aa.dmp
02.06.2013  21:51                0 b907876c-7934-454b-bf76-ed58d7f6bf5f.dmp
22.12.2012  14:37                0 b956fe9f-130e-4e01-becb-247398ab57f1.dmp
16.09.2013  18:21                0 bb9a9e50-160c-4532-bca6-be0a449ca30c.dmp
14.09.2013  21:40                0 bb9cf2db-b9ec-4be3-923b-49a358f149e3.dmp
11.10.2013  18:55                0 bbfe4220-d730-487c-8632-3606674eee08.dmp
13.08.2013  23:02                0 bcbc8013-7392-4989-bd61-82a74f4de473.dmp
09.10.2013  22:45                0 bdb66416-c214-4057-9081-d564fd91fb79.dmp
07.01.2013  08:32                0 bdf98169-9901-4207-abce-42b93515fc62.dmp
05.12.2013  23:06                0 be4470d4-4f02-484d-86ea-e772277593cb.dmp
31.01.2014  23:54                0 be44d717-ad81-4cd2-a5aa-0df2080f2035.dmp
07.11.2012  21:26                0 be4a097c-1545-4560-9455-8d7dbee8127e.dmp
17.10.2012  07:20                0 be8963d4-461c-4643-afbc-9d0f745b02f0.dmp
27.12.2012  11:16                0 bf1cbd4a-258e-4af3-98cd-3fea48578142.dmp
07.05.2013  13:18                0 c0db63ab-b711-4d60-b708-d91dd39ec6d6.dmp
22.06.2014  17:14                0 c13ec86c-8611-4a6c-8df0-0f40a360a98d.dmp
15.05.2013  19:43                0 c21227f0-a313-4def-9c9b-af8a6514b2da.dmp
08.02.2013  12:44                0 c2881cd7-c15b-4577-9e8c-02663a21acdf.dmp
09.11.2013  19:28                0 c3960444-617c-4a41-b0bb-3c8bf2925b85.dmp
16.08.2013  14:14                0 c3d7fbcb-7ba4-4449-aec1-0d3544122d62.dmp
29.09.2014  15:42                0 c644e5b1-9436-45ab-92ba-09f55e32729e.dmp
07.09.2012  15:36                0 c7a05e4a-9ca6-4c83-81e5-5e69e63a7f75.dmp
24.11.2012  19:47                0 c7af6559-89d7-496f-9189-52ef78ec1673.dmp
11.10.2013  19:00                0 c93cd07d-02db-4de7-937d-ac7280032ee5.dmp
18.03.2013  11:55                0 c95eb107-f128-431e-a425-9c5c929fbf63.dmp
07.12.2012  10:18                0 ca67448b-1b54-4b87-8191-897a71c743b8.dmp
21.08.2013  03:40            48.059 ca7c53ba-5abb-481a-acdc-5e13d1f36ba3.dmp
21.08.2013  03:40            1.877 ca7c53ba-5abb-481a-acdc-5e13d1f36ba3.extra
02.03.2014  21:37            14.586 cb300f1d-bb2e-4299-afda-33e5199abc3d.dmp
28.09.2014  14:18                0 cb75c33d-0fac-4a3a-8914-000b55ddd0e6.dmp
22.11.2013  20:52                0 cbcaa38b-bc02-4b98-a64e-521a0444f627.dmp
03.01.2013  07:40                0 cc760e2b-1b50-4802-92f1-d2e585970995.dmp
31.12.2012  20:48                0 cc8659c6-fc54-450b-adc4-0eed4c74f064.dmp
21.09.2012  22:39                0 cccdce09-d0c4-4bff-86fb-a3c82b227a05.dmp
17.10.2013  21:08                0 ccf0acc8-8b29-42d9-b1c3-e50793c91140.dmp
27.07.2013  09:16                0 cd1bf6cb-2de4-4f50-978c-87a0786e25d5.dmp
18.07.2013  22:40                0 cd7b52d4-f4bd-4bd5-a557-53171d261bd7.dmp
28.09.2012  08:13                0 cdf9acf7-d2cb-47ab-b222-b3de2a8ffaa2.dmp
30.04.2013  13:00                0 ce283385-50ff-47d5-b6e2-173790c7e657.dmp
31.10.2012  20:55                0 cefd6f7f-978c-459c-a13a-4997c7e72396.dmp
12.06.2013  23:42                0 cf73ea80-a73c-4e90-9945-3d89fddebeca.dmp
24.10.2014  12:40                0 cf78a17d-a68d-4451-a4d9-1948991495ee.dmp
20.09.2013  21:37                0 cfb7f1b9-b131-4e2b-a53f-be53d456f5ef.dmp
14.09.2012  19:14                0 d1612805-49c0-49bf-b424-4a168c8e8e4b.dmp
25.02.2013  20:11                0 d1890f61-1c65-487b-9bdd-3548f4d78c92.dmp
19.11.2012  06:34                0 d1ebe746-41a8-43cf-bb26-d71fa4f89971.dmp
12.05.2013  17:23                0 d2376d80-0828-4b18-8ab1-23e714a453b1.dmp
04.11.2012  16:21                0 d2ae3f4a-3a8e-4896-af0f-f60f13104c6f.dmp
26.01.2014  14:54                0 d2b5fd45-7810-4f5f-adb6-ce4d87364f22.dmp
01.02.2014  23:39                0 d2e8e4f0-d664-4a84-b659-acb249a7a470.dmp
17.12.2013  21:52                0 d3387218-d8b7-4554-9e21-fc07dbc4f674.dmp
16.08.2013  14:07                0 d3f0a6c3-ba3a-4925-a91c-7c56aff5191a.dmp
26.01.2013  11:36            15.789 d48d906d-997d-4861-bb32-e6a9f5fe3a38.dmp
26.01.2013  11:36            1.425 d48d906d-997d-4861-bb32-e6a9f5fe3a38.extra
22.03.2013  15:56                0 d585781a-434e-4ace-a39d-55246e3797d9.dmp
25.05.2013  01:00                0 d59fc8bb-b665-4ad2-8008-a9bd34d8f969.dmp
06.12.2012  22:59            15.165 d5b3b769-2ac9-4a8c-bf7d-7ef2424f7c36.dmp
06.12.2012  22:59                0 d5b3b769-2ac9-4a8c-bf7d-7ef2424f7c36.extra
06.04.2013  23:11                0 d7e0b99d-368e-4988-8b96-17ea477fb4c3.dmp
09.06.2013  20:51                0 d886c158-84f4-4a18-bba7-436515150de9.dmp
16.09.2012  22:40                0 d90a0e6b-d1c7-45bc-b45c-d9cdef4578a8.dmp
02.04.2014  22:15                0 da87c100-da66-4d7c-9a53-86801cab74ec.dmp
26.12.2012  23:33                0 dab46cbe-3ff2-42a6-b826-c71cee9f2053.dmp
12.10.2013  14:52                0 daba2d64-657c-41d8-921d-d32abc0fd654.dmp
19.11.2012  21:16                0 dba9b695-a2b4-486c-a1da-f3a7ce0fd328.dmp
14.06.2012  20:16            17.372 dc77c287-3eb8-49a4-9a41-ea8549a9c5b8.dmp
05.03.2015  14:00                0 dcbec670-30e5-422b-baee-77d7d9f253fb.dmp
06.10.2013  15:09                0 dd8bc7a1-8035-4414-b10a-c58bc80c2f80.dmp
30.10.2012  21:50                0 de9198f1-6ad9-4983-9e0a-3a2f558269e3.dmp
19.08.2013  23:09                0 de9d7c6c-607a-4601-bfdd-c9dfccb5c6b6.dmp
19.11.2012  20:20            28.324 dec149c6-2ab0-4a80-b528-42805bc81014.dmp
01.10.2013  21:32                0 dfbeecd9-1831-4167-bbb2-740b83401444.dmp
01.05.2013  22:37                0 dfd724e0-c8cd-4832-aca6-80e899814b4e.dmp
13.07.2013  13:24            13.954 e015e569-9661-484d-a4ee-d18f0d66ab2e.dmp
13.07.2013  13:24            1.467 e015e569-9661-484d-a4ee-d18f0d66ab2e.extra
07.01.2013  23:19                0 e04b12df-1dd7-474c-b1d2-27a08524e154.dmp
07.06.2013  23:58            14.380 e05cbab0-02bd-42ee-b5eb-431fed486d52.dmp
21.03.2013  12:55                0 e0d7d386-fff0-40cb-858b-5b0014deb1f2.dmp
05.12.2013  22:23                0 e1b7fa02-d7e3-44c2-801f-8335360cb4e1.dmp
16.06.2012  20:58            20.836 e2840652-1d24-498b-9390-50550f785220.dmp
16.06.2012  20:58            1.365 e2840652-1d24-498b-9390-50550f785220.extra
07.02.2014  09:29                0 e288d439-9cc5-40fc-8c40-c0b2ac313a1e.dmp
01.11.2013  22:45                0 e329cdb2-2be2-43bb-8ebd-396ab4440f16.dmp
22.04.2014  20:46                0 e3503f5f-5c91-402c-abeb-f80f7d421d78.dmp
27.10.2012  18:43                0 e3e5849f-4070-4adf-bfe0-99d245817da6.dmp
29.11.2012  16:06            12.529 e5043c70-1ecc-4972-8146-08086268ef59.dmp
29.11.2012  16:06            1.454 e5043c70-1ecc-4972-8146-08086268ef59.extra
17.01.2013  22:24                0 e55dd7f7-7315-426e-99cb-1dc6558e64b4.dmp
29.11.2013  13:18                0 e715dc85-f9ae-4bcf-bdc7-fa4d10c8f60f.dmp
08.12.2012  10:35                0 e7237f95-2f2e-4071-9b4a-3baa75fd56c4.dmp
16.04.2013  20:12                0 e84e1a02-da62-418e-96e6-ac969dcf2e35.dmp
26.10.2014  21:13                0 e8d67e54-28dc-42d7-a050-a760ecd5ecb1.dmp
23.10.2012  21:19                0 eb32bbb7-ef49-46d1-a859-d98d146a6b08.dmp
05.09.2013  22:07                0 ec13c5d4-ea3e-462f-aaf0-dcea318a6a8b.dmp
20.07.2013  23:03                0 ec1d5aea-3950-4e30-ab24-b9a91fdaa7bd.dmp
28.12.2012  21:15                0 ed5a84e6-d4b8-427c-921d-baf8fe2ef1a3.dmp
30.09.2012  21:30                0 edc42200-2f59-4b82-82cd-24d7dd064776.dmp
09.02.2013  15:09                0 eee7f34b-8930-41f8-a7d8-48e4fab976de.dmp
19.10.2012  05:29                0 ef207404-60ae-4a1e-8b88-e01487d44455.dmp
01.10.2012  20:33                0 ef64ee91-ca5c-45e2-9323-f5df66267728.dmp
20.08.2013  23:36            15.668 efdc5857-d2aa-4664-a22c-05e0dfe5e29f.dmp
22.10.2012  21:38                0 eff90e62-dc9a-4f15-a241-e51212f644c4.dmp
10.06.2013  22:00                0 f1e19728-ee6a-4839-9811-74fae13a74b4.dmp
01.05.2013  18:54                0 f258563f-8840-4f6c-94ca-66b336c13da2.dmp
23.12.2013  01:44                0 f2e6da61-4eca-4309-8e94-fe7a07fb31b7.dmp
11.12.2012  07:40                0 f46aa993-1aaf-417a-955a-9ca1a79eb172.dmp
14.05.2013  22:46                0 f4a7c37d-98f5-47d7-9271-882876396a88.dmp
27.06.2013  22:36                0 f6084d18-a301-45c7-b1bf-adfb335cccfb.dmp
25.06.2014  21:42                0 f6bab533-9727-4c22-87bc-5b3e55e9c619.dmp
27.03.2013  00:40                0 f6e9354e-8bd3-4363-8ff1-d401fb664b2b.dmp
10.09.2014  11:03                0 f74784d8-f9db-457e-b8a6-9f9f9e774dcd.dmp
02.12.2013  21:15                0 f794db77-78ce-460d-bb2c-05398da795a1.dmp
21.10.2012  20:10                0 f897df4b-7977-4cd2-af14-7e1de1ab87b9.dmp
11.12.2012  22:23                0 f8aec7c0-0e09-4aeb-96d2-09cafb063103.dmp
13.05.2013  10:14                0 f9d3b4af-5314-4bc2-8311-6f04e974aa75.dmp
30.09.2014  11:20                0 fa88d439-d011-4593-8b50-5e4a21d47df7.dmp
09.12.2012  21:59                0 fa9436e4-390a-4846-8ea6-a02e487a5c24.dmp
18.03.2013  16:44                0 fae864ea-5262-48b3-8833-c6132d08a382.dmp
22.11.2013  23:15                0 faea5297-5288-4838-827e-9ca4e6f91fca.dmp
04.11.2012  21:11                0 fb79aa69-5d2b-44d5-a5e8-0f66e5484b60.dmp
23.11.2013  22:33                0 fba75946-4c16-4c6c-bf0e-e1c72b09540a.dmp
07.05.2013  22:31                0 fc26bd62-f1fa-4014-aae1-0461c3da3495.dmp
15.06.2012  21:46            21.512 fc905f37-1cf3-47fa-8bcc-f2a69589a2b0.dmp
15.06.2012  21:46            1.365 fc905f37-1cf3-47fa-8bcc-f2a69589a2b0.extra
03.05.2013  21:38                0 fd31ddad-d45a-4827-aa35-5b3e9d78594f.dmp
29.12.2013  17:42                0 fd80d26b-d2bb-4cb6-9b21-bca6c192a4ad.dmp
18.10.2014  20:35                0 fd946769-1b79-4cce-9ab2-785c3d36b0a4.dmp
18.01.2014  13:01                0 fd9a699c-4286-4e0c-a241-dfb7b5c69952.dmp
08.12.2013  22:55                0 feb0e376-d0fc-418e-acd8-e64c92bc49af.dmp
09.03.2014  18:42                0 ff400b31-1ad4-422d-963c-21f93abc1210.dmp
23.09.2014  20:45            13.856 ff552b2a-1fad-4149-b7f8-ffb03067bc9c.dmp
            531 Datei(en),      2.196.807 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\saved-telemetry-pings

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35            15.810 edbafa3c-e5a2-4c5e-96dc-f545f83759e0
              1 Datei(en),        15.810 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\searchplugins

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
22.03.2013  15:00            2.418 englische-ergebnisse.xml
22.03.2013  15:00            10.701 gmx-suche.xml
22.03.2013  15:00            2.432 lastminute.xml
22.03.2013  15:00            5.682 webde-suche.xml
              4 Datei(en),        21.233 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\sessionstore-backups

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
13.06.2016  08:53            4.724 previous.js
14.06.2016  08:34            8.921 recovery.bak
14.06.2016  08:34            8.921 recovery.js
27.01.2016  21:59            17.241 upgrade.js-20160123151951
13.02.2016  21:11            22.633 upgrade.js-20160210153822
19.03.2016  21:12            15.194 upgrade.js-20160315153207
              6 Datei(en),        77.634 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          default
14.06.2016  08:35    <DIR>          permanent
14.06.2016  08:35    <DIR>          temporary
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          http+++content.wargaming.net
14.06.2016  08:35    <DIR>          http+++de.tommy.com
14.06.2016  08:35    <DIR>          http+++intouch.wunderweib.de
14.06.2016  08:35    <DIR>          http+++likemag.com
14.06.2016  08:35    <DIR>          http+++lp.fiverr.com
14.06.2016  08:35    <DIR>          http+++web.de
14.06.2016  08:35    <DIR>          http+++www.bild.de
14.06.2016  08:35    <DIR>          http+++www.gamepoint.de
14.06.2016  08:35    <DIR>          http+++www.kochbar.de
14.06.2016  08:35    <DIR>          http+++www.rtl.de
14.06.2016  08:35    <DIR>          http+++www.swk.de
14.06.2016  08:35    <DIR>          https+++de3.elvenar.com
14.06.2016  08:35    <DIR>          https+++fb.gamepoint.com
14.06.2016  08:35    <DIR>          https+++html5reader.thalia.de
14.06.2016  08:35    <DIR>          https+++lpcdn.lpsnmedia.net
14.06.2016  08:35    <DIR>          https+++web.de
14.06.2016  08:35    <DIR>          https+++www.fiverr.com
14.06.2016  08:35    <DIR>          https+++www.pinterest.com
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++content.wargaming.net

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                58 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            58 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++content.wargaming.net\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          2785209772abrdm-otre-gidniswp-e.files
22.03.2016  15:31            49.152 2785209772abrdm-otre-gidniswp-e.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++content.wargaming.net\idb\2785209772abrdm-otre-gidniswp-e.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++de.tommy.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                45 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            45 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++de.tommy.com\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          766948556cbtd..files
08.02.2016  15:50            49.152 766948556cbtd..sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++de.tommy.com\idb\766948556cbtd..files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++intouch.wunderweib.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                58 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            58 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++intouch.wunderweib.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          301792106ttes.files
31.01.2016  19:31            49.152 301792106ttes.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++intouch.wunderweib.de\idb\301792106ttes.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++likemag.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                46 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            46 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++likemag.com\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          12183338011.files
25.03.2016  17:22            49.152 12183338011.sqlite
14.06.2016  08:35    <DIR>          301792106ttes.files
02.05.2016  10:44            49.152 301792106ttes.sqlite
14.06.2016  08:35    <DIR>          734840399Aruug.files
02.05.2016  10:44            49.152 734840399Aruug.sqlite
              3 Datei(en),        147.456 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++likemag.com\idb\12183338011.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++likemag.com\idb\301792106ttes.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++likemag.com\idb\734840399Aruug.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++lp.fiverr.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
06.01.2016  18:39                47 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            47 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++lp.fiverr.com\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++web.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:04                36 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            36 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++web.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          301792106ttes.files
28.01.2016  14:15            49.152 301792106ttes.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++web.de\idb\301792106ttes.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.bild.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                42 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            42 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.bild.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          1396593213tbedst.files
02.02.2016  14:14            49.152 1396593213tbedst.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.bild.de\idb\1396593213tbedst.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.gamepoint.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                52 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            52 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.gamepoint.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          1320802654iedibk_oeovcer.files
06.01.2016  17:00            49.152 1320802654iedibk_oeovcer.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.gamepoint.de\idb\1320802654iedibk_oeovcer.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.kochbar.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                48 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            48 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.kochbar.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          1967432207atcs_et.files
21.01.2016  16:38            49.152 1967432207atcs_et.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.kochbar.de\idb\1967432207atcs_et.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.rtl.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                40 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            40 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.rtl.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          1967432207atcs_et.files
21.01.2016  13:37            49.152 1967432207atcs_et.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.rtl.de\idb\1967432207atcs_et.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.swk.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
21.03.2016  14:04                40 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            40 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\http+++www.swk.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++de3.elvenar.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                51 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            51 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++de3.elvenar.com\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          136316291isdfb_.files
24.05.2016  19:08            49.152 136316291isdfb_.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++de3.elvenar.com\idb\136316291isdfb_.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++fb.gamepoint.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                54 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            54 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++fb.gamepoint.com\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          1320802654iedibk_oeovcer.files
28.01.2016  15:10            49.152 1320802654iedibk_oeovcer.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++fb.gamepoint.com\idb\1320802654iedibk_oeovcer.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++html5reader.thalia.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                55 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            55 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++html5reader.thalia.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          33016943513b3d8-1g-82577a-71-db.files
11.10.2015  16:07          524.288 33016943513b3d8-1g-82577a-71-db.sqlite
14.06.2016  08:35    <DIR>          3651738702PBaDgdeePxleadcneI_.files
11.10.2015  16:07          524.288 3651738702PBaDgdeePxleadcneI_.sqlite
              2 Datei(en),      1.048.576 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++html5reader.thalia.de\idb\33016943513b3d8-1g-82577a-71-db.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++html5reader.thalia.de\idb\3651738702PBaDgdeePxleadcneI_.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++lpcdn.lpsnmedia.net

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                57 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            57 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++lpcdn.lpsnmedia.net\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          713543746LePgSaercoutrSe.files
07.01.2016  20:34            49.152 713543746LePgSaercoutrSe.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++lpcdn.lpsnmedia.net\idb\713543746LePgSaercoutrSe.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++web.de

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.06.2016  22:19                37 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            37 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++web.de\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          301792106ttes.files
04.05.2016  14:17            49.152 301792106ttes.sqlite
              1 Datei(en),        49.152 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++web.de\idb\301792106ttes.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.fiverr.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
06.01.2016  18:46                49 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            49 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.fiverr.com\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
19.03.2016  20:17                55 .metadata
14.06.2016  08:35    <DIR>          cache
              1 Datei(en),            55 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com\cache

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
19.03.2016  20:17            65.536 caches.sqlite
14.06.2016  08:35    <DIR>          morgue
              1 Datei(en),        65.536 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com\cache\morgue

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          143
14.06.2016  08:35    <DIR>          255
14.06.2016  08:35    <DIR>          43
14.06.2016  08:35    <DIR>          79
14.06.2016  08:35    <DIR>          88
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com\cache\morgue\143

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
03.03.2016  11:48            1.824 {cbad066f-11a4-4065-bbae-1e03bb53368f}.final
              1 Datei(en),          1.824 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com\cache\morgue\255

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
18.03.2016  12:40            1.824 {e05a94f7-fc91-489c-ab8f-4c69d3606aff}.final
              1 Datei(en),          1.824 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com\cache\morgue\43

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
28.02.2016  10:36            1.824 {221ff0b8-9192-43bd-9396-48c3edf9f32b}.final
              1 Datei(en),          1.824 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com\cache\morgue\79

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
19.03.2016  20:16            1.824 {5d340fe2-162e-497f-beaf-e6f772bfbb4f}.final
              1 Datei(en),          1.824 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\default\https+++www.pinterest.com\cache\morgue\88

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
19.02.2016  16:08            1.824 {069cfaac-47d0-43f5-8d10-e64c0ba84f58}.final
              1 Datei(en),          1.824 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\permanent

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          chrome
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\permanent\chrome

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.03.2015  22:21                29 .metadata
14.06.2016  08:35    <DIR>          idb
              1 Datei(en),            29 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\permanent\chrome\idb

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          2588645841ssegtnti.files
11.10.2015  16:07          524.288 2588645841ssegtnti.sqlite
14.06.2016  08:35    <DIR>          2918063365piupsah.files
28.01.2016  14:15            49.152 2918063365piupsah.sqlite
14.06.2016  08:35    <DIR>          846562544phus.files
11.10.2015  16:07          524.288 846562544phus.sqlite
              3 Datei(en),      1.097.728 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\permanent\chrome\idb\2588645841ssegtnti.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\permanent\chrome\idb\2918063365piupsah.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\permanent\chrome\idb\846562544phus.files

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\temporary

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          http+++content.wargaming.net
14.06.2016  08:35    <DIR>          https+++apps.facebook.com
14.06.2016  08:35    <DIR>          https+++www.facebook.com
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\temporary\http+++content.wargaming.net

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
22.03.2016  15:31                58 .metadata
14.06.2016  08:35    <DIR>          asmjs
              1 Datei(en),            58 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\temporary\http+++content.wargaming.net\asmjs

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
22.03.2016  15:31              274 metadata
22.03.2016  15:28        7.536.023 module15
              2 Datei(en),      7.536.297 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\temporary\https+++apps.facebook.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
12.03.2015  22:21                54 .metadata
14.06.2016  08:35    <DIR>          asmjs
              1 Datei(en),            54 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\temporary\https+++apps.facebook.com\asmjs

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
10.02.2015  20:02              274 metadata
10.02.2015  20:02        1.323.137 module13
10.02.2015  20:02        1.323.137 module14
10.02.2015  20:02        1.323.137 module15
              4 Datei(en),      3.969.685 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\temporary\https+++www.facebook.com

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
05.04.2016  12:35                53 .metadata
14.06.2016  08:35    <DIR>          asmjs
              1 Datei(en),            53 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\storage\temporary\https+++www.facebook.com\asmjs

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
05.04.2016  12:35              274 metadata
20.03.2016  17:08        1.255.786 module13
20.03.2016  17:08        1.255.786 module14
20.03.2016  17:08        1.255.786 module15
              4 Datei(en),      3.767.632 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\weave

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:35    <DIR>          changes
14.06.2016  08:35    <DIR>          failed
14.06.2016  08:35    <DIR>          toFetch
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\weave\changes

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\weave\failed

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\weave\toFetch

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\webapps

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
14.06.2016  08:03                2 webapps.json
              1 Datei(en),              2 Bytes

 Verzeichnis von C:\Users\lucted\Desktop\Alte Firefox-Daten\41A66E7E5EE1\YourGSearchFinder_br

14.06.2016  08:35    <DIR>          .
14.06.2016  08:35    <DIR>          ..
              0 Datei(en),              0 Bytes

    Anzahl der angezeigten Dateien:
            844 Datei(en),    52.530.264 Bytes
            365 Verzeichnis(se), 622.113.751.040 Bytes frei

========= Ende von CMD: =========


==== Ende von Fixlog 22:58:27 ====
Dann haben wir aber auch noch das Problem, dass wir seit der Umstellung der Telekom auf das Magenta ein sehr langsames Internet haben, ich könnte :headbang:grrrrr
ich habe mein Handy,Tablet und Laptop alle über Wlan, beim Laptop habe ich keine Probleme mit dem Internet, aber beim Handy und Tablet heisst es immer "Ihre Internetverbindung ist instabil" ich denke ich muss mal den ganzen Telekom mist neu machen:confused:

Ok das wars erstmal, wünsche Dir noch eine angenehme Nacht, bis morgen und:dankeschoen:

Guten Abend Rafael,
ist mein pc jetzt sauber? Kann ich jetzt Kaspersky wieder laden?
Lg Caro

burningice 16.06.2016 23:05
okay nochmal: der PC auf dem wir jetzt die letzten 3 Seiten rumgewerkelt haben, hat der noch ein Problem? Weil von meiner Seite würde das sonst passen - dann könnten wir zum "aufräumen" kommen und danach ein neues Projekt starten ;) first things first

Caroblue 17.06.2016 11:37
Hallo Rafael,
also ich würde mal sagen "nein keine weiteren Probleme" ��wir können aufräumen☺ wollte dich eh fragen, ob die Programme alle wieder weg können ☺wenn wir fertig sind.
Vielen lieben dank und es wird noch ein Dankeschön an eure Seite für die tolle Hilfe folgen.
Lg Caro

burningice 17.06.2016 16:02
Die Logs von deinem Rechner sehen jetzt für mich sauber aus: Herzlichen Glückwunsch - du bist Clean :daumenhoc



Zum Schluss müssen wir noch etwas aufräumen und ich gebe dir ein paar Hinweise mit auf den Weg:

Wichtig: Entfernen der verwendeten Tools
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

http://filepony.de/icon/tiny/malware...ti_malware.png Malwarebytes Anti-Malware und http://filepony.de/icon/tiny/eset_online_scanner.pngESET kannst du als Ergänzung zu deiner bestehenden Antivirus-Lösung auf dem Computer belassen und deinen Computer damit regelmäßig scannen.


Persönliche Empfehlungen
Das wichtigste zu erst:

Schutz vor unerwünschter Software
Adware ist zu einer Art permanenten Bedrohung geworden, weil immer mehr Programme versuchen, einem beim Installieren noch was anderes unterzujubeln - und wie schnell hat man da ein Häkchen übersehen?

Darum: pass auf, wenn du dir Software aus dem Internet herunterlädst! Viele Portale im Internet wie Chip, Softonic und Sourceforge versuchen häufig, dir Adware oder sonstige Downloader mit unerwünschten Programmen unterzujubeln. Downloade nach Möglichkeit immer direkt von der Herstellerseite oder alternativ von einem sauberen Download-Portal, wie von FilePony.de.
Lese dir dazu auch folgenden Artikel durch: CHIP-Installer - was ist das? - Anleitungen

Selbst wenn du ein Programm von einer seriösen Quelle heruntergeladen hast, ist das keine Garantie, dass dein Programm nicht doch versucht, unerwünschte Änderungen an deinem Computer vorzunehmen. So versuchen immer mehr Programme, durch modifizierte Installationsroutinen unerwünschte Programme mit auf deinen PC zu schleusen. Das klappt leider auch häufig, weil viele Anwender nicht lesen, was auf dem Bildschirm steht und stattdessen schnell durchklicken.
Deshalb: Wenn du ein Programm installierst, wähle immer die benutzerdefinierte Installation und schaue, was du da gerade eigentlich alles mit einem Klick auf "Ok" oder "Weiter" abnickst - entferne entsprechend die Haken bei Dingen, die du nicht möchtest. Wer lesen kann, ist klar im Vorteil!

Benutze keine Optimizer, Cleaner oder sonstige SpeedUp Wunder, da diese Tools fast nie einen auch nur messbaren Performancegewinn bringen.
Du kannst jedoch regelmäßig auf deinem PC die Datenträgerbereinigung ausführen, so gewinnst du belegten Speicherplatz zurück.

Aktiviere in deiner Virenschutzlösungen den "Schutz vor potentiell unerwünschter Software", um dich bestmöglich zu schützen.

Guter Trick: Wenn du den kostenlosen Windows Defender benutzt (ab Windows 8), kannst du einen vergleichbaren Schutz durch einen kleinen Trick auch nutzen! Lese dazu folgenden Artikel um dich mehr zu informieren: Windows mit verstecktem Adware-Killer
Zum aktivieren dieses "Tricks" lade einfach nur diese Datei und führe sie aus: MpEnablePlus.reg

Tipps, um dein System sicherer zu machen
Halte immer deine Plug-ins und Software, insbesondere deinen Browser aktuell. Deinstalliere wenn möglich Java und den Adobe Flashplayer von deinem Computer. Neuerdings benötigt man sie fast nie mehr und stellen darum nur mehr eine unnötige Sicherheitslücke auf deinem Computer dar. Wenn du sie doch unbedingt benötigst, halte sie aber unbedingt aktuell.

Weiters kannst du dir http://filepony.de/icon/tiny/malware...ti_exploit.pngMalwarebytes Anti-Exploit installieren. Es schützt gegen viele aktuelle Sicherheitslücken und erhöht so deine Sicherheit.

Passwörter
Ändere regelmäßig deine Passwörter! Zudem musst du sichere Passwörter benutzen, das bedeutet: mindestens 8 Zeichen, Groß- und Kleinbuchstaben und Sonderzeichen.
Ganz wichtig: benutze pro Account ein anderes Passwort!
Tipp: Benutze einen Spruch, den du dir leicht merken kannst, als Hilfe für ein Passwort! Zum Beispiel: Der Himmel ist blau und wenn es regnet?-grau ==> DHibuwer?-grau


Unterstütze uns und empfiehl uns weiter

Du kennst Freunde und Bekannte, die Probleme mit ihrem Computer haben? Schick sie doch zu uns auf das Trojaner Board, wir helfen gerne :daumenhoc

Wenn du uns mit einer Spende unterstützen möchtest, freuen wir uns sehr und dies kannst du hier tun: http://www.trojaner-board.de/79994-s...ndenkonto.html Herzlichen Dank dafür :party:

Wir machen diese Tätigkeit hier freiwillig, darum freue ich mich besonders über ein kurzes Danke, wenn du mit mir zufrieden warest oder sonst über Verbesserungsvorschläge - das kannst du gerne hier machen :)

Besuche und like unsere Facebook-Seite! http://3.bp.blogspot.com/--h4eLCX9kl...ike-symbol.png


:abklatsch: Danke für deine Mitarbeit und alles Gute! :abklatsch:

Bitte gib mir Bescheid, wenn du das alles gelesen hast und du keine weiteren Fragen mehr hast.

Caroblue 17.06.2016 21:38
Hallo Rafael, ich habe es gelesen und werde mich noch heute ran machen 😊
es ist eine ganze Menge zu beachten, wenn man nicht viel Ahnung von allem hat. Holla die Waldfee :wtf: ich geb mein bestes.
Lob und Spende sind schon erfolgt und ich werde euch auf jedenfall weiterempfehlen :daumenhoc
lg Caro :dankeschoen:

Ich habe noch eine frage, was ist mit dem Ordner auf meinen Destop " Upload.zip"
und mit dem Ordner "alte Firefox-Daten" kann ich die beiden auch löschen?

burningice 18.06.2016 13:14
Super - herzlichen Dank dafür :)

Ja kannst du alles löschen


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131