Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 10 Rogue.953320 Malware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 01.03.2016, 09:54   #1
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



Hallo,

mein AVIRA hat seit einigen Tagen einen Fund der "Rogue.953320" Malware gemeldet (s. Log). Daraufhin habe ich auch MBAM laufen lassen. Leider konnte die infizierte Datei nicht umbenannt/gelöscht werden. Mit jedem Suchlauf von AVIRA wurden mehr infizierte Dateien gefunden. Nach mehreren kompletten Suchläufen durch AVIRA wechselte ich die Strategie:

Ich habe dann einen kompletten Suchlauf über die Recovery CD von AVIRA gefahren. Jetzt konnte die infizierte Datei umbenannt werden (irgendwas.vir). Leider war das Problem beim ersten Suchlauf nach dem Hochfahren des Win10 Systems wieder präsent.

Ich brauche jetzt eure Hilfe, da ich an meiner Dissertation arbeite und Angst habe es könnte irgendwas passieren.. Hier die LOGS von AVIRA, MBAM und FRST

Vielen Dank für eure Hilfe!

Code:
ATTFilter
Antivirus Pro
Erstellungsdatum der Reportdatei: Dienstag, 1. März 2016  09:01


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : XXXXXXXX
Seriennummer   : XXXXXXXX
Plattform      : Windows 10 Home
Windowsversion : (plain)  [10.0.10586]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : EARTH1

Versionsinformationen:
build.dat      : 15.0.15.141    93076 Bytes  17.02.2016 08:41:00
AVSCAN.EXE     : 15.0.15.133  1202864 Bytes  20.02.2016 18:32:43
AVSCANRC.DLL   : 15.0.15.137    66208 Bytes  20.02.2016 18:32:43
LUKE.DLL       : 15.0.15.133    69248 Bytes  20.02.2016 18:32:46
AVSCPLR.DLL    : 15.0.15.133   106352 Bytes  20.02.2016 18:32:43
REPAIR.DLL     : 15.0.15.133   493608 Bytes  20.02.2016 18:32:42
repair.rdf     : 1.0.14.98    1559068 Bytes  29.02.2016 17:05:24
AVREG.DLL      : 15.0.15.133   345344 Bytes  20.02.2016 18:32:42
avlode.dll     : 15.0.15.133   700712 Bytes  20.02.2016 18:32:42
avlode.rdf     : 14.0.5.32      93671 Bytes  26.02.2016 10:03:33
XBV00006.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00007.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00008.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00009.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00010.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00011.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00012.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00013.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00014.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00015.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00016.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00017.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00018.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00019.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00020.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00021.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00022.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00023.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00024.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00025.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00026.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00027.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00028.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00029.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00030.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00031.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00032.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00033.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00034.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00035.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00036.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00037.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00038.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00039.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00040.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00041.VDF   : 8.12.37.66      2048 Bytes  17.12.2015 14:30:15
XBV00064.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:44
XBV00065.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00066.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00067.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00068.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00069.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00070.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00071.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00072.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00073.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00074.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00075.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00076.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00077.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00078.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00079.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00080.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00081.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00082.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00083.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00084.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00085.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00086.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00087.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00088.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00089.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00090.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00091.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00092.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00093.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00094.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00095.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00096.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00097.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00098.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00099.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00100.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00101.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00102.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00103.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00104.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00105.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00106.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00107.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00108.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00109.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00110.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00111.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00112.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00113.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00114.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00115.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00116.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00117.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00118.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00119.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00120.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00121.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00122.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00123.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00124.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00125.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:45
XBV00126.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00127.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00128.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00129.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00130.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00131.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00132.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00133.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00134.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00135.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00136.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00137.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00138.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00139.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00140.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00141.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00142.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00143.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00144.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00145.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00146.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00147.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00148.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00149.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00150.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00151.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00152.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00153.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00154.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00155.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00156.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00157.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00158.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00159.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00160.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00161.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00162.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00163.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00164.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00165.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00166.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00167.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00168.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00169.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00170.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00171.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00172.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00173.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00174.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00175.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00176.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00177.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00178.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00179.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00180.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00181.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00182.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00183.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:46
XBV00184.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00185.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00186.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00187.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00188.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00189.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00190.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00191.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00192.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00193.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00194.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00195.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00196.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00197.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00198.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00199.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00200.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00201.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00202.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00203.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00204.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00205.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00206.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00207.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00208.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00209.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00210.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00211.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00212.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00213.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00214.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00215.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00216.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00217.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00218.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00219.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00220.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00221.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00222.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00223.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00224.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00225.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00226.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00227.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00228.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00229.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00230.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00231.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00232.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00233.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00234.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00235.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00236.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00237.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00238.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00239.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00240.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00241.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00242.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00243.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:47
XBV00244.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00245.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00246.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00247.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00248.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00249.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00250.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00251.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00252.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00253.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00254.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00255.VDF   : 8.12.62.184     2048 Bytes  26.02.2016 09:29:48
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 15:12:48
XBV00001.VDF   : 7.11.237.0  48041984 Bytes  02.06.2015 14:30:10
XBV00002.VDF   : 7.12.37.36  16452096 Bytes  17.12.2015 14:30:15
XBV00003.VDF   : 8.12.44.142  3948032 Bytes  09.01.2016 15:12:18
XBV00004.VDF   : 8.12.52.208  4036096 Bytes  02.02.2016 11:52:55
XBV00005.VDF   : 8.12.62.184  2779136 Bytes  26.02.2016 09:29:44
XBV00042.VDF   : 8.12.62.186     8192 Bytes  26.02.2016 09:29:44
XBV00043.VDF   : 8.12.62.188     8704 Bytes  26.02.2016 09:29:44
XBV00044.VDF   : 8.12.62.190     8704 Bytes  26.02.2016 09:29:44
XBV00045.VDF   : 8.12.62.192     8704 Bytes  26.02.2016 09:29:44
XBV00046.VDF   : 8.12.62.200    38400 Bytes  27.02.2016 13:20:41
XBV00047.VDF   : 8.12.62.202    30720 Bytes  27.02.2016 15:20:41
XBV00048.VDF   : 8.12.62.204     2048 Bytes  27.02.2016 15:20:41
XBV00049.VDF   : 8.12.62.218     2048 Bytes  27.02.2016 15:20:41
XBV00050.VDF   : 8.12.62.232    17408 Bytes  27.02.2016 15:20:41
XBV00051.VDF   : 8.12.62.246    69632 Bytes  28.02.2016 11:05:11
XBV00052.VDF   : 8.12.63.4       8192 Bytes  28.02.2016 11:05:11
XBV00053.VDF   : 8.12.63.6       2048 Bytes  28.02.2016 11:05:11
XBV00054.VDF   : 8.12.63.34     16384 Bytes  28.02.2016 11:05:11
XBV00055.VDF   : 8.12.63.48     70144 Bytes  29.02.2016 11:05:12
XBV00056.VDF   : 8.12.63.64      2048 Bytes  29.02.2016 11:05:12
XBV00057.VDF   : 8.12.63.80     13312 Bytes  29.02.2016 11:05:12
XBV00058.VDF   : 8.12.63.94      9216 Bytes  29.02.2016 11:05:12
XBV00059.VDF   : 8.12.63.96      9216 Bytes  29.02.2016 11:05:12
XBV00060.VDF   : 8.12.63.98      7680 Bytes  29.02.2016 13:05:11
XBV00061.VDF   : 8.12.63.100    10240 Bytes  29.02.2016 13:05:11
XBV00062.VDF   : 8.12.63.108    39936 Bytes  29.02.2016 19:05:24
XBV00063.VDF   : 8.12.63.122    30208 Bytes  29.02.2016 21:05:24
LOCAL000.VDF   : 8.12.63.122 144260096 Bytes  29.02.2016 21:05:34
Engineversion  : 8.3.36.30 
AEBB.DLL       : 8.1.3.0        59296 Bytes  20.11.2015 15:23:32
AECORE.DLL     : 8.3.9.0       249920 Bytes  12.11.2015 18:13:29
AEDROID.DLL    : 8.4.3.348    1800104 Bytes  06.11.2015 12:06:12
AEEMU.DLL      : 8.1.3.6       404328 Bytes  20.11.2015 15:23:32
AEEXP.DLL      : 8.4.2.144     289920 Bytes  25.12.2015 09:38:39
AEGEN.DLL      : 8.1.8.34      494440 Bytes  26.02.2016 10:03:33
AEHELP.DLL     : 8.3.2.10      284584 Bytes  15.02.2016 11:54:47
AEHEUR.DLL     : 8.1.4.2192  10129472 Bytes  25.02.2016 12:17:09
AEMOBILE.DLL   : 8.1.8.10      301936 Bytes  26.11.2015 14:32:22
AEOFFICE.DLL   : 8.3.1.104     446528 Bytes  26.02.2016 10:03:33
AEPACK.DLL     : 8.4.2.8       804776 Bytes  23.02.2016 14:51:44
AERDL.DLL      : 8.2.1.38      813928 Bytes  06.11.2015 12:06:12
AESBX.DLL      : 8.2.21.2     1629032 Bytes  06.11.2015 12:06:12
AESCN.DLL      : 8.3.4.2       142184 Bytes  22.01.2016 13:07:22
AESCRIPT.DLL   : 8.3.0.42      571304 Bytes  26.02.2016 10:03:33
AEVDF.DLL      : 8.3.3.2       141216 Bytes  10.02.2016 08:29:11
AVWINLL.DLL    : 15.0.15.133    28632 Bytes  20.02.2016 18:32:39
AVPREF.DLL     : 15.0.15.133    55864 Bytes  20.02.2016 18:32:42
AVREP.DLL      : 15.0.15.133   224352 Bytes  20.02.2016 18:32:42
AVARKT.DLL     : 15.0.15.133   231032 Bytes  20.02.2016 18:32:41
AVEVTLOG.DLL   : 15.0.15.133   201600 Bytes  20.02.2016 18:32:41
SQLITE3.DLL    : 15.0.15.133   461672 Bytes  20.02.2016 18:32:47
AVSMTP.DLL     : 15.0.15.133    81152 Bytes  20.02.2016 18:32:43
NETNT.DLL      : 15.0.15.133    18792 Bytes  20.02.2016 18:32:46
CommonImageRc.dll: 15.0.15.133  4308784 Bytes  20.02.2016 18:32:39
CommonTextRc.dll: 15.0.15.133    69816 Bytes  20.02.2016 18:32:39

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: G:\Avira\Antivirus\TEMP\AVGUARD_56d54a24\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +, +, +, +, +, +, +, +, 
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+SPR,

Beginn des Suchlaufs: Dienstag, 1. März 2016  09:01

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '213' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'cjpcsc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CPNRSvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CAutoUpdateSvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'mqsvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDDriveService.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdAwareService.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeClickToRun.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDBackupEngine.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMSvcHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMSvcHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc7.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebg7.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sihost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostw.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '252' Modul(e) wurden durchsucht
Durchsuche Prozess 'RemindersServer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeHost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'RuntimeBroker.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'ShellExperienceHost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchUI.exe' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkNGUI64.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'ProfilerU.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SaiMfd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdAwareTray.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'fontdrvhost.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudDrive.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleIEDAV.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCleaner64.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'OneDrive.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'onenotem.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '209' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrMfcWnd.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrMfimon.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'Agile1pAgent.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'HORNETDRIVE.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsoSync.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDDMStatus.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'CSISYNCCLIENT.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'OUTLOOK.EXE' - '192' Modul(e) wurden durchsucht
Durchsuche Prozess 'NOTEPAD.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'WINWORD.EXE' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'updrgui.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '35' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp000019ff'
[INFO] RepairMalware: Disinfection of malware TR/Rogue.953320 needs a reboot to complete
[INFO] RepairMalware: Disinfection of malware TR/Rogue.953320 needs the rescue cd to complete
C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp000019ff
  [FUND]      Ist das Trojanische Pferd TR/Rogue.953320
  [HINWEIS]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS]   Die Datei existiert nicht!
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a01'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a01 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a03'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a03 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a05'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a05 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a07'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a07 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a09'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a09 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0b'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0b konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0d'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0d konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0f'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0f konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a11'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a11 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1b'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1b konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1d'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1d konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a2e'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a2e konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a3f'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a3f konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a41'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a41 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a43'
Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a43 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.


Ende des Suchlaufs: Dienstag, 1. März 2016  09:04
Benötigte Zeit: 01:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   2350 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   2349 Dateien ohne Befall
    156 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 223361 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 01.03.2016
Suchlaufzeit: 09:15
Protokolldatei: MBAM0103.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.03.01.02
Rootkit-Datenbank: v2016.02.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: XXXXX

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 558066
Abgelaufene Zeit: 11 Min., 12 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
durchgeführt von XXXXXX (Administrator) auf EARTH1 (01-03-2016 09:33:32)
Gestartet von I:\PinheiroLLB\Downloads
Geladene Profile: XXXXXX &  (Verfügbare Profile:XXXXXX & UpdatusUser & Annabelle)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Nullsoft, Inc.) G:\Program Files (x86)\Winamp\winampa.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AgileBits) G:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(antispameurope GmbH) C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Malwarebytes) G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AgileBits) G:\Program Files (x86)\1Password 4\1Password.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-04] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-04] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [804168 2016-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WinampAgent] => G:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => G:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-27]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HORNETDRIVE starten.lnk [2015-03-27]
ShortcutTarget: HORNETDRIVE starten.lnk -> C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe (antispameurope GmbH)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e3750fe7-67b0-4170-b8e0-591dd6c63e62}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-942671010-3624539665-887436449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-942671010-3624539665-887436449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-09-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default\Extensions\abs@avira.com.xpi [2016-02-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-15]
StartMenuInternet: FIREFOX.EXE - C:\Users\PinheiroLLB\Documents\Firefox Browser\App\Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01]
CHR Extension: (Google Docs) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-01-22]
CHR Extension: (Google Drive) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Sheets) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-01]
CHR Extension: (iCloud Bookmarks) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-01]
CHR Extension: (Avira Browser Safety) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Mailvelope) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2016-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2016-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2016-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1417592 2016-02-20] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 MBAMScheduler; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 8.0 OnlineUpdate; G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2016-01-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146704 2016-02-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-01-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2016-01-16] (Avira Operations GmbH & Co. KG)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [155912 2015-12-09] (BitDefender LLC)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-08-31] (Paragon Software Group)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys [171144 2007-05-01] (Saitek)
S3 SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-09-05] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52200 2012-09-05] (Saitek)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-01 09:31 - 2016-03-01 09:32 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Rouge Malware
2016-02-29 21:40 - 2016-02-29 21:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-29 21:39 - 2016-02-29 21:41 - 00198726 _____ C:\WINDOWS\ntbtlog.txt
2016-02-29 21:21 - 2016-02-29 21:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Avira-Scout
2016-02-29 21:20 - 2016-02-29 21:21 - 00002353 _____ C:\Users\PinheiroLLB\Desktop\Avira Scout.lnk
2016-02-29 21:20 - 2016-02-29 21:20 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-29 21:20 - 2016-02-29 21:20 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Package Cache
2016-02-27 14:20 - 2016-02-27 14:20 - 00000000 ____D C:\Users\PinheiroLLB\SkyDrive
2016-02-27 12:01 - 2016-02-27 12:01 - 00000831 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-27 11:53 - 2016-02-27 11:56 - 00000000 ____D C:\AVZ
2016-02-27 10:46 - 2016-02-27 10:46 - 00000000 _____ C:\Users\PinheiroLLB\Desktop\Neues Textdokument (3).txt
2016-02-22 13:39 - 2016-02-22 18:27 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dokumente
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-13 16:52 - 2016-02-13 16:52 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Glasgow UB Box
2016-02-12 09:05 - 2016-02-12 09:05 - 00143554 _____ C:\Users\PinheiroLLB\Desktop\CCR12022016_00000.pdf
2016-02-12 08:46 - 2016-02-12 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-12 08:46 - 2016-02-12 08:46 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-02-11 12:34 - 2016-02-11 12:34 - 00000949 _____ C:\Users\Public\Desktop\King's Quest II.lnk
2016-02-11 12:34 - 2016-02-11 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGD Interactive
2016-02-10 12:43 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 12:43 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 12:43 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 12:43 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 12:43 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 12:43 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 12:43 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 12:43 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 12:43 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 12:43 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 12:43 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 12:43 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 12:43 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 12:43 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 12:43 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 12:43 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 12:43 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 12:43 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 12:43 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 12:43 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 12:43 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 12:43 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 12:43 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 12:43 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 12:43 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 12:43 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 12:43 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 12:43 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 12:43 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 12:43 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 12:43 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 12:43 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 12:43 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 12:43 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 12:43 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 12:43 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 12:43 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 12:43 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 12:43 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 12:43 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 12:43 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 12:43 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 12:43 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 12:43 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 12:43 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 12:43 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 12:43 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 12:43 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 12:43 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 12:43 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 12:43 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 12:43 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 12:43 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 12:43 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 12:43 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 12:43 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 12:43 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 12:43 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 10:29 - 2016-02-10 10:29 - 00002402 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-10 10:29 - 2016-02-10 10:29 - 00000000 ___RD C:\Users\Annabelle\OneDrive
2016-02-10 10:28 - 2016-02-10 10:29 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Packages
2016-02-10 10:28 - 2016-02-10 10:28 - 00000020 ___SH C:\Users\Annabelle\ntuser.ini
2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\TileDataLayer
2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Publishers
2016-02-01 09:39 - 2016-02-01 09:39 - 00000762 _____ C:\Users\PinheiroLLB\Desktop\SpeedFan.lnk
2016-02-01 09:03 - 2016-02-01 09:03 - 00000000 ____D C:\Program Files\Western Digital

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-01 09:33 - 2014-10-30 14:00 - 00000000 ____D C:\FRST
2016-03-01 09:24 - 2012-10-13 17:15 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-01 09:07 - 2012-10-03 14:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\3687D008-A3F4-44C5-9AB9-7FFCC06ABFD1.aplzod
2016-03-01 09:01 - 2012-12-09 15:26 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 08:57 - 2014-11-05 15:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 08:56 - 2016-01-16 12:35 - 02113870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 08:56 - 2015-10-30 19:35 - 00898280 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-01 08:56 - 2015-10-30 19:35 - 00201766 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-01 08:56 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-01 08:53 - 2015-03-27 15:43 - 00000000 ___RD C:\Users\PinheiroLLB\Documents\Drives
2016-03-01 08:53 - 2015-03-27 15:42 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\HORNETDRIVE
2016-03-01 08:53 - 2014-11-05 15:21 - 00000000 ___RD C:\Users\PinheiroLLB\iCloudDrive
2016-03-01 08:53 - 2013-07-25 09:15 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Dropbox
2016-03-01 08:52 - 2012-12-09 15:26 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 08:51 - 2016-01-16 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-01 08:51 - 2016-01-16 12:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-01 08:51 - 2015-09-20 18:27 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-02-29 22:09 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-29 22:00 - 2014-06-03 17:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Skype
2016-02-29 21:20 - 2012-10-02 19:08 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Avira
2016-02-29 20:49 - 2015-06-16 08:53 - 00001248 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job
2016-02-29 20:42 - 2015-06-17 13:57 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\AgileBits
2016-02-29 11:40 - 2014-12-03 14:18 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{261599DF-B78D-4986-93D8-1E134244C5C4}
2016-02-27 14:20 - 2016-01-16 12:36 - 00000000 ____D C:\Users\PinheiroLLB
2016-02-27 13:49 - 2015-06-16 08:53 - 00001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job
2016-02-27 12:31 - 2015-07-03 09:51 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dirk Projekte
2016-02-27 12:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-27 12:01 - 2014-11-05 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-27 11:50 - 2016-01-16 12:47 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Packages
2016-02-27 10:38 - 2015-05-23 13:15 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2016-02-26 18:04 - 2015-03-05 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-26 17:54 - 2013-12-15 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-26 13:54 - 2012-10-07 14:55 - 00000974 _____ C:\WINDOWS\Brpfx04a.ini
2016-02-26 12:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-26 12:07 - 2015-03-21 20:46 - 00000000 ___RD C:\Users\PinheiroLLB\OneDrive
2016-02-26 11:15 - 2012-10-23 14:02 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\PC-FAX TX
2016-02-25 22:48 - 2016-01-17 16:30 - 00002437 _____ C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-24 09:20 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-24 09:19 - 2013-10-09 12:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-22 12:03 - 2015-11-01 12:39 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 19:32 - 2013-03-31 20:19 - 00146704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-02-17 13:58 - 2016-01-16 12:32 - 00000000 ____D C:\Windows.old
2016-02-16 10:27 - 2014-06-03 17:32 - 00000000 ____D C:\ProgramData\Skype
2016-02-13 12:07 - 2014-11-05 15:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Apple Inc
2016-02-12 09:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-10 20:43 - 2016-01-16 12:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 17:12 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 12:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 12:47 - 2014-08-23 13:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 12:43 - 2014-08-23 13:21 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 10:29 - 2016-01-16 12:36 - 00000000 ____D C:\Users\Annabelle
2016-02-10 10:29 - 2015-08-27 16:44 - 00000000 ___RD C:\Users\Annabelle\iCloudDrive
2016-02-10 10:28 - 2015-08-27 16:36 - 00002354 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 10:28 - 2015-08-27 16:36 - 00002324 _____ C:\Users\Annabelle\Desktop\Google Chrome.lnk
2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\RavensburgerTipToi3
2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2016-02-05 16:34 - 2015-11-26 17:30 - 00000000 ____D C:\Users\PinheiroLLB\.oracle_jre_usage
2016-02-05 16:34 - 2014-10-09 15:32 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-03 17:41 - 2016-01-16 12:58 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\MicrosoftEdge
2016-02-02 13:56 - 2012-12-09 15:26 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 13:56 - 2012-12-09 15:26 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 09:39 - 2015-04-30 09:34 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\ProgramData\Western Digital
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-12 14:45 - 2014-06-12 14:45 - 0038515 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2015-02-03 09:30 - 2015-02-03 09:41 - 0000600 _____ () C:\Users\PinheiroLLB\AppData\Local\PUTTY.RND
2013-03-31 21:56 - 2015-04-19 15:52 - 0007636 _____ () C:\Users\PinheiroLLB\AppData\Local\resmon.resmoncfg
2012-12-12 15:36 - 2013-12-11 21:20 - 0000080 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane Installer.prf
2012-12-12 10:59 - 2014-03-15 18:34 - 0000073 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane_drm.prf
2012-12-12 11:03 - 2012-12-26 20:13 - 0000047 _____ () C:\Users\PinheiroLLB\AppData\Local\x-plane_install_10.txt

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\PinheiroLLB\FSDreamTeam_GSX.reg
C:\Users\PinheiroLLB\FSDreamTeam_JFK V2.reg
C:\Users\PinheiroLLB\FSDreamTeam_JFK.reg
C:\Users\PinheiroLLB\FSDreamTeam_KLAS.reg
C:\Users\PinheiroLLB\FSDreamTeam_Los Angeles V2.reg
C:\Users\PinheiroLLB\QualityWings_Ultimate 757 Collection.reg


Einige Dateien in TEMP:
====================
C:\Users\Annabelle\AppData\Local\Temp\avgnt.exe
C:\Users\PinheiroLLB\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-02-29 15:31

==================== Ende von FRST.txt ============================
         

Alt 01.03.2016, 09:55   #2
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-02-2016
durchgeführt von XXXXX (2016-03-01 09:33:52)
Gestartet von I:\PinheiroLLB\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-16 11:47:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-942671010-3624539665-887436449-500 - Administrator - Disabled)
Annabelle (S-1-5-21-942671010-3624539665-887436449-1005 - Limited - Enabled) => C:\Users\Annabelle
DefaultAccount (S-1-5-21-942671010-3624539665-887436449-503 - Limited - Disabled)
Gast (S-1-5-21-942671010-3624539665-887436449-501 - Limited - Disabled)
PinheiroLLB (S-1-5-21-942671010-3624539665-887436449-1000 - Administrator - Enabled) => C:\Users\PinheiroLLB
UpdatusUser (S-1-5-21-942671010-3624539665-887436449-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Active Sky Advanced (HKLM-x32\...\{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}) (Version: 1.00.0316 - HiFi Flightware)
Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus A318-A319 - PREPAR3D V2.x (HKLM-x32\...\Airbus A318-A319 - PREPAR3D V2.x) (Version: 1.00 - Aerosoft)
Aerosoft's - Airbus X Extended - FSX (HKLM-x32\...\Airbus X Extended - FSX) (Version: 1.16 - Aerosoft)
Aerosoft's - Airbus X Extended - PrePar3D (HKLM-x32\...\Airbus X Extended - PrePar3D) (Version: 1.16 - Aerosoft)
Aerosoft's - Anchorage X (HKLM-x32\...\{3D88DF20-8778-422F-933D-4C4D74210045}) (Version: 1.00 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.2.2.0 - aerosoft)
Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.20 - Aerosoft)
aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft)
aerosoft's - USCitiesX - San Francisco (HKLM-x32\...\{DF91C497-0315-43F9-BB85-24D82FE5B11A}) (Version: 1.01 - aerosoft)
Airbus Series 2 - Evolution Upgrade (FSX) (HKLM-x32\...\Airbus Series 2 - Evolution Upgrade (FSX)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Airport Amsterdam (HKLM-x32\...\Airport Amsterdam) (Version: 1.0.0.0 - Aerosoft GmbH)
Airport Zurich (HKLM-x32\...\Airport Zurich) (Version: 1.1.0.0 - Aerosoft GmbH)
AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.3.7 - AivlaSoft GmbH)
AlacrityPC (HKLM-x32\...\{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}) (Version: 1.0.0 - Ken Salter)
Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Amazon Kindle) (Version:  - Amazon)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
BlackBox Simulation - Airbus Xtreme (Prologue) (HKLM-x32\...\BlackBox Simulation-Airbus Xtreme (Prologue)) (Version: 0.75.0 - BlackBox Simulation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7440N (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal)
Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version:  - )
FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\FlightParis Bundle) (Version:  - )
FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FlightParis Bundle) (Version:  - )
FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FlightParis Bundle) (Version:  - )
FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\FlightParis Bundle) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FS Global 2010 (HKLM-x32\...\FS Global 2010) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HORNETDRIVE (HKLM-x32\...\HORNETDRIVE) (Version: 3.3.1.1086 - antispameurope GmbH)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iFly Jets - The 747-400 V2 for FSX - Hotfix 1 (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX - Hotfix 1) (Version:  - )
iFly Jets - The 747-400 V2 for FSX (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX) (Version:  - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\LFPN - Toussus Le Noble FSX) (Version:  - )
LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\LFPN - Toussus Le Noble FSX) (Version:  - )
LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\LFPN - Toussus Le Noble FSX) (Version:  - )
LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\LFPN - Toussus Le Noble FSX) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NavDataPro (HKLM-x32\...\NavDataPro) (Version: 1.0.1.6 - Aerosoft GmbH)
NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Paragon Festplatten Manager 10 - Drive Backup (HKLM-x32\...\{F8013DD1-574B-4921-A473-88A2F7A34D16}) (Version: 90.00.0003 - Paragon Software)
Paragon Festplatten Manager 10 - Partition Manager (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Parallels runtime modules (x32 Version: 1.00.0000 - Parallels) Hidden
Parallels USB Driver (x32 Version: 6.00.23046 - Parallels) Hidden
PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6061 - PMDG Simulations, LLC.)
PMDG MD-11 (FSX version of COMBO) (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.00.0003 - Precision Manuals Development Group)
PMDGMD11X_GE_AA (HKLM-x32\...\{ABB4DB59-0284-414D-9346-4992E1856E7F}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11X_GE_LH (HKLM-x32\...\{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11X_PW_SR1 (HKLM-x32\...\{E5F249B9-4A7F-482E-951D-005F47F06A43}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11XF_GE_LHF (HKLM-x32\...\{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}) (Version: 1.00.0000 - Precision Manuals Development Group)
Prepar3D v2 Academic (HKLM-x32\...\{92B3FF8A-3C33-4EFC-850D-CF29E54292D9}) (Version: 2.4.11570.0 - Lockheed Martin)
Prepar3D v2 Academic (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden
Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.19 - aerosoft)
RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version:  - )
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Sigel Beschriftungs-Software für Überweisung und Lastschrift (HKLM-x32\...\Sigel Beschriftungs-Software für Überweisung und Lastschrift) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.19.4 (HKLM\...\{1970C821-567B-415F-982C-134CB8FB8DAA}) (Version: 7.0.19.4 - Mad Catz)
SnapAPI (x32 Version: 4.2.709 - Acronis) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM-x32\...\{86B730BC-FFDF-4B50-9127-851A6F152A68}) (Version: 10 - Star Finanz GmbH)
StarMoney 8.0  (HKLM-x32\...\{EF2BE7ED-FE44-49B4-A6C3-919CE4790FDE}) (Version: 8.0 - Star Finanz GmbH)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Streamripper Plugin 1.61.27 (Remove only) (HKLM-x32\...\Streamripper.Plugin) (Version:  - )
sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH)
syngo fastView (HKLM-x32\...\{4CF46E90-60EC-4177-9BE7-5F4BE89BC2E7}) (Version: VX57L38 - Siemens MedSW)
tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG)
TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH)
UK2000 Heathrow Xtreme FSX  (HKLM-x32\...\UK2000 Heathrow Xtreme FSX) (Version: 3.0 - UK2000 Scenery)
Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Ultimate Terrain X - Europe) (Version:  - )
Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Ultimate Terrain X - Europe) (Version:  - )
Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Ultimate Terrain X - Europe) (Version:  - )
Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Ultimate Terrain X - Europe) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
vroute.info premium - 1  (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute)
vroute.info premium - 1  (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute)
vroute.info premium - 1  (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute)
vroute.info premium - 1  (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute)
vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute)
vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute)
vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute)
vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute)
WD Quick View (HKLM-x32\...\{4D0776BB-71B7-49A2-A439-24791A4620E1}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{37BF2365-3EC7-45E4-9D88-61489F932A0B}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{4C810612-124B-4610-93ED-EF7357EA3EDC}) (Version: 21.00.8480 - Buhl Data Service GmbH)
X-FMC (HKLM-x32\...\{D215611B-8A8A-4914-9C23-2EF36D8926CF}) (Version: 2.02 - X-FMC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02D25461-8A94-4339-A4D5-72C73FD06B6C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0F573DF1-69F4-4F53-BFBA-5FC40A9A94B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {1532C4A2-9F69-4730-90F8-87E7A44A77EB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {1ED0FEE3-A4D0-4AF9-AAD3-505787FD7706} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {24C3E746-6452-459A-9E93-1D4A301F67D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {24FE594B-CC16-4D77-9ED0-7C8E004CD7C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {25C56614-3CEB-425E-B763-7EC3A508A8AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2890FDBB-5547-411D-B472-DDE879ADECF1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {33CC8B4F-0F03-4A72-9D9B-A4E7A5401D58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {3C8E7229-112A-4E9D-95CD-B4653A68A123} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {42DFD782-7241-449A-9C16-3000CE033C0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {450FDACD-9D90-47E7-BADD-C82B624584E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4B09F0D2-A506-4779-9266-C98EA768DA2C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4E59ED50-C5D8-4246-B1B7-C6ADB65E1BBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4F953E1E-7E9C-4C24-AF6C-86D67D0CDE06} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5749FA15-E717-4A30-B3C4-9BACA05290F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {594C849D-DC95-4323-8508-0708E7A37F53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5BD7EE29-8843-48EB-A95A-6EA3038E324B} - System32\Tasks\{00710EDC-947D-4257-A20C-2F1780679420} => pcalua.exe -a C:\Users\PinheiroLLB\Downloads\HiJackThis204.exe -d C:\Users\PinheiroLLB\Downloads
Task: {5F1EEA42-3777-40A9-8848-E702D088879E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {5F9C8D7F-FFD1-424B-9A3B-28358D50D00A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6022AE36-967A-4366-A241-0B17AECD3994} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {63036FEE-3754-4790-89F4-1ED53D884167} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {68EE2EE5-CEE9-4781-8896-8CCACB349052} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {6E49DF11-B1BF-4839-B13B-43D9265A4662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {72F91625-792E-40F4-AFDE-2057734E5437} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {772513A8-461E-40B1-87E1-4D62F8FABC73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {7E0C0633-D75D-4E6A-AE88-7D42E6BB5D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {8632EC4F-0DF6-4982-A891-19549646C625} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {8C7F210B-7703-4060-A8DC-CBD99340D288} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {8CFC4F80-28AD-4DCB-9F59-BDB30B2DA204} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {93738455-319D-416A-B75D-67EA051F549C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {99D23324-7E7F-440F-84AE-619A09734666} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9B3BF89F-8FEB-485D-9B24-A0A9B726B7AA} - System32\Tasks\{F52C3292-A378-48F7-A667-A31DC6B87BB1} => pcalua.exe -a C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {A798075D-9298-4A5C-8106-5A9354F2C71D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B1F34822-C928-4172-BEC2-E216460AD834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {B49948F7-0663-4509-8CA6-74FD32D92D78} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {B57A3EAC-F055-412B-BC48-A3BCFD9A5CB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B6493125-CB5A-44E4-8066-2A83AEA5FC4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {B9659609-4FBC-4382-83CF-A12B9611AA77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C1D527F1-8D21-4B03-96A2-9933D46769E2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CB89D200-0D95-4C40-A985-BB43DDC565C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CBCB9AF3-FFCB-4AA5-9056-60961A31B62A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CE93E2C0-739D-4B04-B488-81855FD931D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {D2CCA1E3-A332-44F1-9A9A-4A1504CAA72E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {D7E167E5-6342-4269-86B4-3A08BD29135A} - System32\Tasks\{955920E4-E7F9-47CF-94C4-F8E6A61CB687} => pcalua.exe -a E:\.\windows\setup.exe -d E:\ -c .\windows
Task: {DC69A008-8069-4715-B7E8-FB5259456527} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {DDCC7B16-F1DF-42C3-A419-6F0CE2D85D11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {E841B6A3-96C0-4E06-8611-A489C577F14A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EAE387B3-2F6F-42BD-8A03-CF8A8B0EA352} - System32\Tasks\Western Digital\SmartWare\____Volume_cdbdcca7_0ca1_11e2_be20_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a93953b9_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
Task: {F544E0DA-E797-45D4-A13A-609AFD9B3E99} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {FE2F7AF1-CDDD-4CB5-ACBF-B8D6C2318E16} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-16 12:35 - 2015-08-07 01:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-07 14:55 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-01-28 16:44 - 2016-01-28 16:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2014-08-12 09:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () G:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-16 12:32 - 2016-01-16 12:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-29 17:25 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 17:25 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 08:18 - 2015-10-30 19:43 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-02-09 10:47 - 2016-02-09 10:47 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-02-09 10:47 - 2016-02-09 10:47 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-01-16 13:26 - 2016-01-16 13:27 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-25 09:04 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2013-02-13 13:23 - 2011-01-13 10:44 - 00232800 _____ () G:\Program Files (x86)\StarMoney 8.0\ouservice\PATCHW32.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-13 13:16 - 2016-02-23 09:48 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-12-13 10:50 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-22 11:48 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-13 10:50 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-13 10:50 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-13 10:50 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-13 10:50 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-13 10:50 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-13 10:50 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-13 10:50 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-22 11:48 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 10:50 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-22 11:48 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-22 11:48 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-02-22 11:48 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-13 10:50 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-13 10:50 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-13 10:50 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-13 10:50 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-13 10:50 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-13 10:50 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-13 10:50 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-13 10:50 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-13 10:50 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-13 10:50 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-13 10:50 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-22 11:48 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-22 11:48 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\librsync.dll
2016-02-22 11:48 - 2016-02-16 19:39 - 00031568 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-02-22 11:48 - 2015-11-05 01:04 - 00293392 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-12-13 10:50 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-13 10:50 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-13 10:50 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-22 11:48 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-22 11:48 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-13 10:50 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-13 10:50 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-13 10:50 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-22 11:48 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-22 11:48 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-22 11:48 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-13 10:50 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-13 10:50 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 22:45 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2012-10-07 14:55 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2015-06-17 13:56 - 2015-04-28 09:50 - 00376832 _____ () G:\Program Files (x86)\1Password 4\js3215R.dll
2014-04-13 13:18 - 2016-02-23 09:50 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-02-22 12:03 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-22 12:03 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:74603393
AlternateDataStreams: C:\Users\PinheiroLLB\.DS_Store:AFP_AfpInfo

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de
IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de
IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de
IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 13:34 - 2014-11-04 19:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-942671010-3624539665-887436449-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg
HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "SkyDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{DABF8B65-4EAD-47C6-A76A-6975F9BF0179}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9080D6F9-11C2-4943-BD3A-590E7206B865}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D44E990A-1C0E-471A-ABE4-396F9F7F716C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{63AB1C45-34BD-4D72-AAA9-2579C3E52970}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1DCDF590-12BC-412B-8E4D-EB237E660A9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{34A0857F-C12A-4857-BAF3-F3183506780C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5F240FD-C28C-475F-8D57-12FE0409FF6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DF0AC30-998F-4392-BDC9-04D11149AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46DB165E-B162-4947-BAED-DE0F73061D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A06FB2EB-6751-4290-8ADF-808F1F95E459}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{3FBA1DE5-90DB-4E5B-A899-EC39324C8758}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{7D4A5320-14D6-4D2D-AAD6-14C4E76F22EB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{26ABC75B-081D-4BFA-9E34-D779EC269C7C}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{1517D475-0977-4EB2-A9CC-8BBF78AE57FF}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{ABFCAD0D-7E63-4FF4-A893-347D268471B0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{7E4A4DD7-EBE8-48E1-B6FD-8541EE2E117F}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{E9E752E9-5DEE-472B-A115-6EFF96E20235}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{B8F9E71D-A404-448E-B998-EB23552B5DE0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{79D79628-82B0-4F24-BAB8-2CF6172C7C32}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{4D047BB9-FA13-412E-855D-692DBFA3A480}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{BFFDFB52-BD9A-4B44-A540-2D634D7713C1}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{D84594B8-98CF-407E-9821-BED784B894CB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{F3943234-A711-4457-ACA4-5B150D204FA8}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{5B9AEDAF-67CD-4C6B-B1A7-3930D43F85DD}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{D26CE3FE-3718-4490-BDB0-2968380BE985}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [UDP Query User{E0F078E5-80F8-432B-9BE2-6273EB952751}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe
FirewallRules: [TCP Query User{3BF9C57B-CEAB-4E39-8FA4-4F3768757B80}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe
FirewallRules: [{C1D66DB4-22F1-4051-9C54-F6B3BA25FE43}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{0F552548-4FB8-4928-A0C4-91EB93ADF1D4}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{BB98C012-9C7F-4C38-8F56-EE99D703B5BE}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{8630D67C-7F10-4BB6-8D44-29B9C6950C68}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{FE8617D4-1406-44EB-AD00-EC64AEFA4D78}] => (Allow) C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D79C223F-85B8-4E9B-8DAB-E30279A3E188}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{507BDD47-791E-4A45-9CA4-875E7A922369}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C2A0F0D-84BC-46EE-9F39-67AFF1FAE1D2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9B4613FA-3B91-4499-AA4F-95F2847B0063}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FE01352C-66CD-45A2-8539-5E7220DEC187}] => (Allow) LPort=4500
FirewallRules: [{CF7056F1-23C0-4B24-A238-EB0C4ABB181E}] => (Allow) LPort=10000
FirewallRules: [{D85A221E-73D2-47CD-8A86-CA370C816E06}] => (Allow) LPort=500
FirewallRules: [UDP Query User{F8D61252-179D-4599-9382-7B1513B8BE84}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe
FirewallRules: [TCP Query User{DB04BFEF-4A51-4A8D-95B8-4F99B034EF3C}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe
FirewallRules: [UDP Query User{A9CBE811-BD24-49BF-8E15-580CF9FC98F1}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [TCP Query User{82786FD4-1425-4C05-BE85-B725BCC2C878}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [{D093013E-0821-41DA-83D4-6EEEFFD480B9}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [{3A762963-6493-4B6D-9EB3-B14251B0BC95}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [UDP Query User{5A31A57E-D4CC-4318-8FD7-A3ABE2BCA9BC}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe
FirewallRules: [TCP Query User{DDEC5E28-CC7C-4CB9-A741-3E24FE1AEED1}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe
FirewallRules: [{51038772-1D25-49D1-8BE6-3F939F655994}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5D30B5BE-E3D4-42F1-80C9-5045A31DE548}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{67AC74AE-F3E2-4095-9813-744AB8E0C987}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe
FirewallRules: [TCP Query User{4B96B91D-C891-4850-BADD-529CD5EBE506}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe
FirewallRules: [UDP Query User{72B00CC3-A400-41D8-A027-C8482C163A11}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3E711164-2730-4735-AE10-8D8E0A393D4B}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E28D8A5E-6ADD-43CF-8702-E18FAF86D751}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe
FirewallRules: [TCP Query User{8D50B573-4756-4BC8-8EA8-8DE1E888C5E1}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe
FirewallRules: [{3E31C00A-5DC9-4B81-B4C3-3710D245EF2C}] => (Allow) LPort=1900
FirewallRules: [{7220DCA1-8511-4950-B0AD-E1CCD4AF7B42}] => (Allow) LPort=2869
FirewallRules: [{36FCB705-AC62-43A4-9927-E6682197E73D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{19D68882-2617-4759-B846-B5A344854A41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F91326F8-3F6A-458C-AA30-F0E7F8C00319}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [UDP Query User{6B7C2993-BAA9-40BB-88E5-ECF227ACADC0}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe
FirewallRules: [TCP Query User{3F36C02A-F6EE-4F7D-8CF5-19B1AACBA089}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe
FirewallRules: [UDP Query User{D02E9227-ECD3-4C95-BCAE-7AEA76AA77BC}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [TCP Query User{DFF071A9-8E9F-4041-848E-AE65E30CC6FA}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [UDP Query User{EFAE5E0B-AB66-46BC-B914-8E5E23EAD514}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [TCP Query User{3ADA6EFB-0E17-40CE-B989-8515A78E35A7}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [{AFFA48EF-62B0-4D5B-A60A-30EEDE5D6A7C}] => (Allow) LPort=54925
FirewallRules: [{1D481604-9168-4D80-8823-E8EB9A391C0F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{859F9BF3-5318-4FAD-8E64-B3ECF1BC1F1A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{858C7A23-E377-463C-9637-DF2046E41CF8}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{5D17DB09-8083-4EE6-A9F0-31388644D735}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{3CF72D51-4E7A-4E4D-9BAC-A9124934E19B}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1C9BDFCE-7C41-45A9-9784-8669270E2371}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{E9D1C01F-8F2E-45F9-80A7-C5366AF5719E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE1E4EFA-EBFF-4241-914D-5F0151A50170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40291CBD-534A-4967-815A-104A7910DD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9F1749-47FC-4F7D-AEB9-4A1B3E664280}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83973102-9920-47E8-8CE9-BED29C2CED10}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{445E180C-2AE7-4FEF-A1CC-248CD1C0FBB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EB36A764-5C91-4C27-ABFB-557AE031B835}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/01/2016 09:29:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x30f8
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 09:02:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Earth1)
Description: Das Paket „Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (03/01/2016 08:54:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x2b08
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (02/29/2016 10:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x2bac
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (02/29/2016 09:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x1d78
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (02/29/2016 09:40:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Earth1)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/29/2016 09:31:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x1118
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (02/29/2016 09:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x20e8
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (02/29/2016 07:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x2864
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (02/29/2016 12:15:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x1250
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5


Systemfehler:
=============
Error: (03/01/2016 09:31:43 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E3750FE7-67B0-4170-B8E0-591DD6C63E62}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/01/2016 08:54:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/01/2016 08:54:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/01/2016 08:51:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


CodeIntegrity:
===================================
  Date: 2016-02-24 15:10:05.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-02-24 15:10:05.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-02-11 20:17:38.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 13:53:57.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-02-11 13:53:57.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-02-11 13:50:16.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-02-11 13:50:16.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-02-10 20:43:30.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 16:47:23.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-01 08:57:53.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 8147 MB
Verfügbarer physikalischer RAM: 4570.31 MB
Summe virtueller Speicher: 16339 MB
Verfügbarer virtueller Speicher: 11992.02 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.7 GB) (Free:31.65 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (FSX) (Fixed) (Total:244.14 GB) (Free:164 GB) NTFS
Drive g: (Programme) (Fixed) (Total:48.83 GB) (Free:45.78 GB) NTFS
Drive h: (XPlane) (Fixed) (Total:292.97 GB) (Free:213.16 GB) NTFS
Drive i: (Data) (Fixed) (Total:345.56 GB) (Free:290.33 GB) NTFS
Drive j: (Backup HD) (Fixed) (Total:931.51 GB) (Free:654.3 GB) NTFS
Drive l: () (Fixed) (Total:14.9 GB) (Free:12.65 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7DB1A4CF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F75FE5A)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: BD941F46)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FDA0DC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
__________________


Alt 01.03.2016, 12:08   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



moin

ist das ein gewerblich genutzter Rechner?
__________________
__________________

Alt 01.03.2016, 12:18   #4
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



nein, der Firmenlaptop ist glücklicherweise clean.
Es handelt sich um den Familienrechner! Wie kommst du dadrauf?

vg

Alt 01.03.2016, 13:09   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



Deswegen:

Zitat:
Adobe Acrobat XI Pro
Microsoft Office Professional Plus 2013
TOPCAT 2.74 Beta 1
Prepar3D v2 Academic
Professional Flight Planner X
Nur um mal ein paar zu nennen. Diese Ausstattung ist nicht gerade üblich im rein privaten Bereich

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.03.2016, 13:20   #6
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



ach so. Als Student bekommt man diese Produkte recht günstig (Office für 10€). Hat nichts mit der Firma zu tun.
Ich kann dir gerne per Email nachweise meiner beruflichen Tätigkeit erbringen, wenn du das möchtest. Die Flugsimulationssoftware deutet darauf hin ;-)

Alt 01.03.2016, 13:21   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



OK

Bitte Avira deinstallieren. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz für Ihre Dateien, aber auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen.

Gib Bescheid wenn Avira weg ist. Bitte bei der Gelegenheit auch alles von Lavasoft deinstallieren (Adaware - das ist nutzlose Software)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.03.2016, 13:32   #8
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



darüber hinaus ist die FS Software Standardsoftware, die von vielen Simmern verwendet wird:
hxxp://www.flightsimsoft.com/pfpx/
TOPCAT

da verstehe ich die Kritik nicht....

okay, mache ich... unfassbar. Habe mir gerade erst AVIRA gekauft für 50€..... könnte

Alt 01.03.2016, 13:39   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



das soll keine Kritik sein, ich hab EINFACH NUR GEFRAGT was diese Software soll, sowas sieht man nicht auf JEDEM privaten PC! Ist das so schwer zu verstehen?

Wie gesagt, von Avira raten wir ab. Ich weiß nicht wie genau die kostenpflichtige Version tickt, aber die Firma Avira ist ein rotes Tuch, wie kann man als Sicherheitsunternehmen (Anbieter von Virenscanner - einem Produkt, das SICHERHEIT bieten) soll mit sowas wie ASK zusammenarbeiten...Gier frisst Hirn
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.03.2016, 14:12   #10
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



entschuldige bitte, war unhöflich ausgedrückt.

also avira und lavasoft programme sind gelöscht.

Alt 01.03.2016, 14:14   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



schon guut, ich hab mich nur gewundert wegen der Software

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.03.2016, 14:30   #12
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



okay MBAR sagt er habe nichts gefunden...

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.103.10586.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8542752768, free: 4827906048

Downloaded database version: v2016.03.01.04
Downloaded database version: v2016.02.27.01
Downloaded database version: v2016.02.22.02
=======================================
Initializing...
------------ Kernel report ------------
     03/01/2016 14:21:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\iusb3hcs.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\hotcore3.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\drivers\SaiBus.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\SaiMini.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\DRIVERS\SaiH0461.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\WINDOWS\SysWOW64\speedfan.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.03.01.04
  rootkit: v2016.02.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001d9170060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d91718f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d9170060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d903ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001d9110060, DeviceName: \Device\00000027\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7DB1A4CF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 248938496
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 249145344  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe001d916f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d9063b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d916f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d9176e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001d917a060, DeviceName: \Device\00000029\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F75FE5A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 102414312
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 102414375  Numsec = 512007615
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 614421990  Numsec = 614405925
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1228827915  Numsec = 724692150
    Partition is not bootable
    Partition file system is NTFS

Disk Size: 1000203804160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe001d95f6510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d9633b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d95f6510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d9635b10, DeviceName: \Device\00000043\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BD941F46

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 31266784
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 16013942784 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffe001d96c4060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d96c6610, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d96c4060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d96ca060, DeviceName: \Device\00000045\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 28FDA0DC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efswrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SPInf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msvcp60.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinSCard.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cabinet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c9b4fd28dc3c397b3d68f1082b65c3fc\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\aef92996898ded5b2ca78fecfa86d323\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\dbc19a007569ea2001a975050da8b3af\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e556397747c99d9c4fc5f4f939c8c6f0\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ASPNET_COUNTERS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASPNET_PERF.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPNET_PERF.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browcli.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9c808d0eeb670a8e8b1781c54c2b8b1e\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9f90efb52ff4cc437c4c19789ca2c5f3\System.Transactions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\74c4d0f229613635264b9eea34d19217\Microsoft.VisualC.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\f32330064138abf3a5c752b7f3d84b2b\System.EnterpriseServices.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\f32330064138abf3a5c752b7f3d84b2b\System.EnterpriseServices.Wrapper.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\187bd685c44f610586ac25dac5327c26\CustomMarshalers.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\fe3adf1c22cb1e3609dd675a87efd7ac\System.ComponentModel.Composition.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0521c88cc609dcdfc595b00aeaffc1cc\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2be64c7b72fe6d610b0d9368d9ec88df\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\cdb09dfde216cb81df179801e5fbc764\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\eea5df710c79332df59430bf7854018c\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\29d45c65598ec75c9ad1f324ace8955c\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\10a6336dea6e3c1f1fe4d9e2f75a236c\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\perfproc.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MrmCoreR.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\biwinrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THREADPOOLWINRT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\opengl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\glu32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMSETTINGSBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntdsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shdocvw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MpCmdRun.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCui.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AGP440.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GAGP30KX.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ioqos.sys" is sparse (flags = 32768)
File "C:\Windows\System32\IEETWCOLLECTOR.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NV_AGP.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UAGP35.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ULIAGPKX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wpcfltr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WCSPLUGINSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WSSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Users\PinheiroLLB\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-249145344-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-102414375-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-614421990-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-3-1228827915-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-32-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
         

Alt 01.03.2016, 14:39   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.03.2016, 15:23   #14
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



okay hier adwclean:

Code:
ATTFilter
# AdwCleaner v5.037 - Bericht erstellt am 01/03/2016 um 15:01:02
# Aktualisiert am 28/02/2016 von Xplode
# Datenbank : 2016-02-28.2 [Lokal]
# Betriebssystem : Windows 10 Home  (x64)
# Benutzername : xxxx
# Gestartet von : C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (1).exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2568 Bytes] - [01/03/2016 15:00:18]
C:\AdwCleaner\AdwCleaner[R0].txt - [1085 Bytes] - [05/11/2014 15:27:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [1138 Bytes] - [05/11/2014 15:28:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [2616 Bytes] - [01/03/2016 14:59:15]
C:\AdwCleaner\AdwCleaner[S2].txt - [954 Bytes] - [01/03/2016 15:01:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1026 Bytes] ##########
         
und JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by XXXXX (Administrator) on 01.03.2016 at 15:03:01,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\ProgramData\esellerate (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.03.2016 at 15:03:57,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
durchgeführt von XXXX (Administrator) auf EARTH1 (01-03-2016 15:04:59)
Gestartet von C:\Users\PinheiroLLB\Desktop
Geladene Profile: XXXXX (Verfügbare Profile: XXXXX & UpdatusUser & Annabelle)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-04] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-04] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WinampAgent] => G:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => G:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-01]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HORNETDRIVE starten.lnk [2015-03-27]
ShortcutTarget: HORNETDRIVE starten.lnk -> C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe (antispameurope GmbH)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e3750fe7-67b0-4170-b8e0-591dd6c63e62}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-942671010-3624539665-887436449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-942671010-3624539665-887436449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-09-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default\Extensions\abs@avira.com.xpi [2016-02-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-15]
StartMenuInternet: FIREFOX.EXE - C:\Users\PinheiroLLB\Documents\Firefox Browser\App\Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01]
CHR Extension: (Google Docs) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-01-22]
CHR Extension: (Google Drive) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Sheets) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-01]
CHR Extension: (iCloud Bookmarks) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-01]
CHR Extension: (Avira Browser Safety) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Mailvelope) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
S2 MBAMScheduler; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 8.0 OnlineUpdate; G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-01-16] (Avira Operations GmbH & Co. KG)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-08-31] (Paragon Software Group)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys [171144 2007-05-01] (Saitek)
S3 SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-09-05] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52200 2012-09-05] (Saitek)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X]
U3 idsvc; kein ImagePath
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-01 15:04 - 2016-03-01 15:05 - 00027284 _____ C:\Users\PinheiroLLB\Desktop\FRST.txt
2016-03-01 15:04 - 2016-03-01 09:33 - 02371072 _____ (Farbar) C:\Users\PinheiroLLB\Desktop\FRST64.exe
2016-03-01 15:03 - 2016-03-01 15:03 - 00000666 _____ C:\Users\PinheiroLLB\Desktop\JRT.txt
2016-03-01 15:02 - 2016-03-01 15:02 - 01609216 _____ (Malwarebytes) C:\Users\PinheiroLLB\Desktop\JRT.exe
2016-03-01 14:57 - 2016-03-01 14:57 - 01518592 _____ C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (1).exe
2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\mbar
2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-01 14:20 - 2016-03-01 14:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PinheiroLLB\Desktop\mbar-1.09.3.1001.exe
2016-03-01 14:10 - 2016-03-01 14:10 - 00000000 _____ C:\ProgramData\rebootpending.txt
2016-03-01 13:35 - 2016-03-01 13:35 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp
2016-03-01 09:31 - 2016-03-01 15:04 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Rouge Malware
2016-02-29 21:40 - 2016-02-29 21:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-29 21:39 - 2016-02-29 21:41 - 00198726 _____ C:\WINDOWS\ntbtlog.txt
2016-02-29 21:21 - 2016-02-29 21:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Avira-Scout
2016-02-27 14:20 - 2016-02-27 14:20 - 00000000 ____D C:\Users\PinheiroLLB\SkyDrive
2016-02-27 12:01 - 2016-02-27 12:01 - 00000831 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-27 11:53 - 2016-02-27 11:56 - 00000000 ____D C:\AVZ
2016-02-27 10:46 - 2016-02-27 10:46 - 00000000 _____ C:\Users\PinheiroLLB\Desktop\Neues Textdokument (3).txt
2016-02-22 13:39 - 2016-02-22 18:27 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dokumente
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-13 16:52 - 2016-02-13 16:52 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Glasgow UB Box
2016-02-12 09:05 - 2016-02-12 09:05 - 00143554 _____ C:\Users\PinheiroLLB\Desktop\CCR12022016_00000.pdf
2016-02-11 12:34 - 2016-02-11 12:34 - 00000949 _____ C:\Users\Public\Desktop\King's Quest II.lnk
2016-02-11 12:34 - 2016-02-11 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGD Interactive
2016-02-10 12:43 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 12:43 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 12:43 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 12:43 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 12:43 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 12:43 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 12:43 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 12:43 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 12:43 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 12:43 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 12:43 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 12:43 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 12:43 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 12:43 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 12:43 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 12:43 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 12:43 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 12:43 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 12:43 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 12:43 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 12:43 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 12:43 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 12:43 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 12:43 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 12:43 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 12:43 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 12:43 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 12:43 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 12:43 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 12:43 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 12:43 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 12:43 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 12:43 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 12:43 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 12:43 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 12:43 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 12:43 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 12:43 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 12:43 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 12:43 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 12:43 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 12:43 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 12:43 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 12:43 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 12:43 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 12:43 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 12:43 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 12:43 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 12:43 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 12:43 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 12:43 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 12:43 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 12:43 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 12:43 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 12:43 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 12:43 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 12:43 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 12:43 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 10:29 - 2016-02-10 10:29 - 00002402 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-10 10:29 - 2016-02-10 10:29 - 00000000 ___RD C:\Users\Annabelle\OneDrive
2016-02-10 10:28 - 2016-02-10 10:29 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Packages
2016-02-10 10:28 - 2016-02-10 10:28 - 00000020 ___SH C:\Users\Annabelle\ntuser.ini
2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\TileDataLayer
2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Publishers
2016-02-01 09:39 - 2016-02-01 09:39 - 00000762 _____ C:\Users\PinheiroLLB\Desktop\SpeedFan.lnk
2016-02-01 09:03 - 2016-02-01 09:03 - 00000000 ____D C:\Program Files\Western Digital

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-01 15:04 - 2014-10-30 14:00 - 00000000 ____D C:\FRST
2016-03-01 15:01 - 2014-11-05 15:27 - 00000000 ____D C:\AdwCleaner
2016-03-01 15:01 - 2012-12-09 15:26 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 15:00 - 2015-09-20 18:27 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-03-01 14:49 - 2015-06-16 08:53 - 00001248 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job
2016-03-01 14:36 - 2012-10-03 14:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\3687D008-A3F4-44C5-9AB9-7FFCC06ABFD1.aplzod
2016-03-01 14:24 - 2012-10-13 17:15 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-01 14:21 - 2014-11-05 15:11 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-01 14:11 - 2013-12-15 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\ProgramData\Avira
2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-01 14:06 - 2014-11-05 15:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 14:01 - 2012-12-09 15:26 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 13:49 - 2015-06-16 08:53 - 00001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job
2016-03-01 12:21 - 2014-12-03 14:18 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{261599DF-B78D-4986-93D8-1E134244C5C4}
2016-03-01 08:56 - 2016-01-16 12:35 - 02113870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 08:56 - 2015-10-30 19:35 - 00898280 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-01 08:56 - 2015-10-30 19:35 - 00201766 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-01 08:56 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-01 08:53 - 2015-03-27 15:43 - 00000000 ___RD C:\Users\PinheiroLLB\Documents\Drives
2016-03-01 08:53 - 2015-03-27 15:42 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\HORNETDRIVE
2016-03-01 08:53 - 2014-11-05 15:21 - 00000000 ___RD C:\Users\PinheiroLLB\iCloudDrive
2016-03-01 08:53 - 2013-07-25 09:15 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Dropbox
2016-03-01 08:51 - 2016-01-16 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-01 08:51 - 2016-01-16 12:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-29 22:09 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-29 22:00 - 2014-06-03 17:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Skype
2016-02-29 20:42 - 2015-06-17 13:57 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\AgileBits
2016-02-27 14:20 - 2016-01-16 12:36 - 00000000 ____D C:\Users\PinheiroLLB
2016-02-27 12:31 - 2015-07-03 09:51 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dirk Projekte
2016-02-27 12:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-27 12:01 - 2014-11-05 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-27 11:50 - 2016-01-16 12:47 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Packages
2016-02-27 10:38 - 2015-05-23 13:15 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2016-02-26 13:54 - 2012-10-07 14:55 - 00000974 _____ C:\WINDOWS\Brpfx04a.ini
2016-02-26 12:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-26 12:07 - 2015-03-21 20:46 - 00000000 ___RD C:\Users\PinheiroLLB\OneDrive
2016-02-26 11:15 - 2012-10-23 14:02 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\PC-FAX TX
2016-02-25 22:48 - 2016-01-17 16:30 - 00002437 _____ C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-24 09:20 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-24 09:19 - 2013-10-09 12:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-22 12:03 - 2015-11-01 12:39 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 13:58 - 2016-01-16 12:32 - 00000000 ____D C:\Windows.old
2016-02-16 10:27 - 2014-06-03 17:32 - 00000000 ____D C:\ProgramData\Skype
2016-02-13 12:07 - 2014-11-05 15:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Apple Inc
2016-02-12 09:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-10 20:43 - 2016-01-16 12:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 17:12 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 12:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 12:47 - 2014-08-23 13:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 12:43 - 2014-08-23 13:21 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 10:29 - 2016-01-16 12:36 - 00000000 ____D C:\Users\Annabelle
2016-02-10 10:29 - 2015-08-27 16:44 - 00000000 ___RD C:\Users\Annabelle\iCloudDrive
2016-02-10 10:28 - 2015-08-27 16:36 - 00002354 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 10:28 - 2015-08-27 16:36 - 00002324 _____ C:\Users\Annabelle\Desktop\Google Chrome.lnk
2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\RavensburgerTipToi3
2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2016-02-05 16:34 - 2015-11-26 17:30 - 00000000 ____D C:\Users\PinheiroLLB\.oracle_jre_usage
2016-02-05 16:34 - 2014-10-09 15:32 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-03 17:41 - 2016-01-16 12:58 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\MicrosoftEdge
2016-02-02 13:56 - 2012-12-09 15:26 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 13:56 - 2012-12-09 15:26 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 09:39 - 2015-04-30 09:34 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\ProgramData\Western Digital
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-12 14:45 - 2014-06-12 14:45 - 0038515 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2015-02-03 09:30 - 2015-02-03 09:41 - 0000600 _____ () C:\Users\PinheiroLLB\AppData\Local\PUTTY.RND
2013-03-31 21:56 - 2015-04-19 15:52 - 0007636 _____ () C:\Users\PinheiroLLB\AppData\Local\resmon.resmoncfg
2012-12-12 15:36 - 2013-12-11 21:20 - 0000080 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane Installer.prf
2012-12-12 10:59 - 2014-03-15 18:34 - 0000073 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane_drm.prf
2012-12-12 11:03 - 2012-12-26 20:13 - 0000047 _____ () C:\Users\PinheiroLLB\AppData\Local\x-plane_install_10.txt
2016-03-01 13:35 - 2016-03-01 13:35 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2016-03-01 14:10 - 2016-03-01 14:10 - 0000000 _____ () C:\ProgramData\rebootpending.txt

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\PinheiroLLB\FSDreamTeam_GSX.reg
C:\Users\PinheiroLLB\FSDreamTeam_JFK V2.reg
C:\Users\PinheiroLLB\FSDreamTeam_JFK.reg
C:\Users\PinheiroLLB\FSDreamTeam_KLAS.reg
C:\Users\PinheiroLLB\FSDreamTeam_Los Angeles V2.reg
C:\Users\PinheiroLLB\QualityWings_Ultimate 757 Collection.reg


Einige Dateien in TEMP:
====================
C:\Users\Annabelle\AppData\Local\Temp\avgnt.exe
C:\Users\PinheiroLLB\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-02-29 15:31

==================== Ende von FRST.txt ============================
         
und die Addition

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-02-2016
durchgeführt von XXXXX(2016-03-01 15:05:22)
Gestartet von C:\Users\PinheiroLLB\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-16 11:47:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-942671010-3624539665-887436449-500 - Administrator - Disabled)
Annabelle (S-1-5-21-942671010-3624539665-887436449-1005 - Limited - Enabled) => C:\Users\Annabelle
DefaultAccount (S-1-5-21-942671010-3624539665-887436449-503 - Limited - Disabled)
Gast (S-1-5-21-942671010-3624539665-887436449-501 - Limited - Disabled)
XXXXX (S-1-5-21-942671010-3624539665-887436449-1000 - Administrator - Enabled) => C:\Users\PinheiroLLB
UpdatusUser (S-1-5-21-942671010-3624539665-887436449-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Active Sky Advanced (HKLM-x32\...\{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}) (Version: 1.00.0316 - HiFi Flightware)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus A318-A319 - PREPAR3D V2.x (HKLM-x32\...\Airbus A318-A319 - PREPAR3D V2.x) (Version: 1.00 - Aerosoft)
Aerosoft's - Airbus X Extended - FSX (HKLM-x32\...\Airbus X Extended - FSX) (Version: 1.16 - Aerosoft)
Aerosoft's - Airbus X Extended - PrePar3D (HKLM-x32\...\Airbus X Extended - PrePar3D) (Version: 1.16 - Aerosoft)
Aerosoft's - Anchorage X (HKLM-x32\...\{3D88DF20-8778-422F-933D-4C4D74210045}) (Version: 1.00 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.2.2.0 - aerosoft)
Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.20 - Aerosoft)
aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft)
aerosoft's - USCitiesX - San Francisco (HKLM-x32\...\{DF91C497-0315-43F9-BB85-24D82FE5B11A}) (Version: 1.01 - aerosoft)
Airbus Series 2 - Evolution Upgrade (FSX) (HKLM-x32\...\Airbus Series 2 - Evolution Upgrade (FSX)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Airport Amsterdam (HKLM-x32\...\Airport Amsterdam) (Version: 1.0.0.0 - Aerosoft GmbH)
Airport Zurich (HKLM-x32\...\Airport Zurich) (Version: 1.1.0.0 - Aerosoft GmbH)
AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.3.7 - AivlaSoft GmbH)
AlacrityPC (HKLM-x32\...\{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}) (Version: 1.0.0 - Ken Salter)
Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BlackBox Simulation - Airbus Xtreme (Prologue) (HKLM-x32\...\BlackBox Simulation-Airbus Xtreme (Prologue)) (Version: 0.75.0 - BlackBox Simulation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7440N (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal)
Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version:  - )
FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\FlightParis Bundle) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FS Global 2010 (HKLM-x32\...\FS Global 2010) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HORNETDRIVE (HKLM-x32\...\HORNETDRIVE) (Version: 3.3.1.1086 - antispameurope GmbH)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iFly Jets - The 747-400 V2 for FSX - Hotfix 1 (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX - Hotfix 1) (Version:  - )
iFly Jets - The 747-400 V2 for FSX (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX) (Version:  - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\LFPN - Toussus Le Noble FSX) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NavDataPro (HKLM-x32\...\NavDataPro) (Version: 1.0.1.6 - Aerosoft GmbH)
NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Paragon Festplatten Manager 10 - Drive Backup (HKLM-x32\...\{F8013DD1-574B-4921-A473-88A2F7A34D16}) (Version: 90.00.0003 - Paragon Software)
Paragon Festplatten Manager 10 - Partition Manager (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Parallels runtime modules (x32 Version: 1.00.0000 - Parallels) Hidden
Parallels USB Driver (x32 Version: 6.00.23046 - Parallels) Hidden
PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6061 - PMDG Simulations, LLC.)
PMDG MD-11 (FSX version of COMBO) (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.00.0003 - Precision Manuals Development Group)
PMDGMD11X_GE_AA (HKLM-x32\...\{ABB4DB59-0284-414D-9346-4992E1856E7F}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11X_GE_LH (HKLM-x32\...\{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11X_PW_SR1 (HKLM-x32\...\{E5F249B9-4A7F-482E-951D-005F47F06A43}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11XF_GE_LHF (HKLM-x32\...\{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}) (Version: 1.00.0000 - Precision Manuals Development Group)
Prepar3D v2 Academic (HKLM-x32\...\{92B3FF8A-3C33-4EFC-850D-CF29E54292D9}) (Version: 2.4.11570.0 - Lockheed Martin)
Prepar3D v2 Academic (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden
Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.19 - aerosoft)
RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version:  - )
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Sigel Beschriftungs-Software für Überweisung und Lastschrift (HKLM-x32\...\Sigel Beschriftungs-Software für Überweisung und Lastschrift) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.19.4 (HKLM\...\{1970C821-567B-415F-982C-134CB8FB8DAA}) (Version: 7.0.19.4 - Mad Catz)
SnapAPI (x32 Version: 4.2.709 - Acronis) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM-x32\...\{86B730BC-FFDF-4B50-9127-851A6F152A68}) (Version: 10 - Star Finanz GmbH)
StarMoney 8.0  (HKLM-x32\...\{EF2BE7ED-FE44-49B4-A6C3-919CE4790FDE}) (Version: 8.0 - Star Finanz GmbH)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Streamripper Plugin 1.61.27 (Remove only) (HKLM-x32\...\Streamripper.Plugin) (Version:  - )
sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH)
syngo fastView (HKLM-x32\...\{4CF46E90-60EC-4177-9BE7-5F4BE89BC2E7}) (Version: VX57L38 - Siemens MedSW)
tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG)
TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH)
UK2000 Heathrow Xtreme FSX  (HKLM-x32\...\UK2000 Heathrow Xtreme FSX) (Version: 3.0 - UK2000 Scenery)
Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Ultimate Terrain X - Europe) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
vroute.info premium - 1  (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute)
vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute)
WD Quick View (HKLM-x32\...\{4D0776BB-71B7-49A2-A439-24791A4620E1}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{37BF2365-3EC7-45E4-9D88-61489F932A0B}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{4C810612-124B-4610-93ED-EF7357EA3EDC}) (Version: 21.00.8480 - Buhl Data Service GmbH)
X-FMC (HKLM-x32\...\{D215611B-8A8A-4914-9C23-2EF36D8926CF}) (Version: 2.02 - X-FMC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02D25461-8A94-4339-A4D5-72C73FD06B6C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0F573DF1-69F4-4F53-BFBA-5FC40A9A94B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {1532C4A2-9F69-4730-90F8-87E7A44A77EB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {1ED0FEE3-A4D0-4AF9-AAD3-505787FD7706} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {24C3E746-6452-459A-9E93-1D4A301F67D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {24FE594B-CC16-4D77-9ED0-7C8E004CD7C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {25C56614-3CEB-425E-B763-7EC3A508A8AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2890FDBB-5547-411D-B472-DDE879ADECF1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {33CC8B4F-0F03-4A72-9D9B-A4E7A5401D58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {3C8E7229-112A-4E9D-95CD-B4653A68A123} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {42DFD782-7241-449A-9C16-3000CE033C0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {450FDACD-9D90-47E7-BADD-C82B624584E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4B09F0D2-A506-4779-9266-C98EA768DA2C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4E59ED50-C5D8-4246-B1B7-C6ADB65E1BBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4F953E1E-7E9C-4C24-AF6C-86D67D0CDE06} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5749FA15-E717-4A30-B3C4-9BACA05290F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {594C849D-DC95-4323-8508-0708E7A37F53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5BD7EE29-8843-48EB-A95A-6EA3038E324B} - System32\Tasks\{00710EDC-947D-4257-A20C-2F1780679420} => pcalua.exe -a C:\Users\PinheiroLLB\Downloads\HiJackThis204.exe -d C:\Users\PinheiroLLB\Downloads
Task: {5F1EEA42-3777-40A9-8848-E702D088879E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {5F9C8D7F-FFD1-424B-9A3B-28358D50D00A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6022AE36-967A-4366-A241-0B17AECD3994} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {63036FEE-3754-4790-89F4-1ED53D884167} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {68EE2EE5-CEE9-4781-8896-8CCACB349052} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {6E49DF11-B1BF-4839-B13B-43D9265A4662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {72F91625-792E-40F4-AFDE-2057734E5437} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {772513A8-461E-40B1-87E1-4D62F8FABC73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {7E0C0633-D75D-4E6A-AE88-7D42E6BB5D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {8632EC4F-0DF6-4982-A891-19549646C625} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {8C7F210B-7703-4060-A8DC-CBD99340D288} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {8CFC4F80-28AD-4DCB-9F59-BDB30B2DA204} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {93738455-319D-416A-B75D-67EA051F549C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {99D23324-7E7F-440F-84AE-619A09734666} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9B3BF89F-8FEB-485D-9B24-A0A9B726B7AA} - System32\Tasks\{F52C3292-A378-48F7-A667-A31DC6B87BB1} => pcalua.exe -a C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {A798075D-9298-4A5C-8106-5A9354F2C71D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B1F34822-C928-4172-BEC2-E216460AD834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {B49948F7-0663-4509-8CA6-74FD32D92D78} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {B57A3EAC-F055-412B-BC48-A3BCFD9A5CB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B6493125-CB5A-44E4-8066-2A83AEA5FC4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {B9659609-4FBC-4382-83CF-A12B9611AA77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C1D527F1-8D21-4B03-96A2-9933D46769E2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CB89D200-0D95-4C40-A985-BB43DDC565C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CBCB9AF3-FFCB-4AA5-9056-60961A31B62A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CE93E2C0-739D-4B04-B488-81855FD931D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {D2CCA1E3-A332-44F1-9A9A-4A1504CAA72E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {D7E167E5-6342-4269-86B4-3A08BD29135A} - System32\Tasks\{955920E4-E7F9-47CF-94C4-F8E6A61CB687} => pcalua.exe -a E:\.\windows\setup.exe -d E:\ -c .\windows
Task: {DC69A008-8069-4715-B7E8-FB5259456527} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {DDCC7B16-F1DF-42C3-A419-6F0CE2D85D11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {E841B6A3-96C0-4E06-8611-A489C577F14A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EAE387B3-2F6F-42BD-8A03-CF8A8B0EA352} - System32\Tasks\Western Digital\SmartWare\____Volume_cdbdcca7_0ca1_11e2_be20_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a93953b9_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
Task: {F544E0DA-E797-45D4-A13A-609AFD9B3E99} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {FE2F7AF1-CDDD-4CB5-ACBF-B8D6C2318E16} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-10-07 14:55 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () G:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-10-07 19:37 - 2010-03-15 10:28 - 00166400 _____ () G:\Program Files\WinRAR\rarext.dll
2014-08-12 09:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-29 17:25 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 17:25 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 08:18 - 2015-10-30 19:43 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-01-16 12:32 - 2016-01-16 12:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:74603393
AlternateDataStreams: C:\Users\PinheiroLLB\.DS_Store:AFP_AfpInfo

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 13:34 - 2014-11-04 19:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-942671010-3624539665-887436449-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\StartupApproved\Run: => "SkyDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{DABF8B65-4EAD-47C6-A76A-6975F9BF0179}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9080D6F9-11C2-4943-BD3A-590E7206B865}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D44E990A-1C0E-471A-ABE4-396F9F7F716C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{63AB1C45-34BD-4D72-AAA9-2579C3E52970}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1DCDF590-12BC-412B-8E4D-EB237E660A9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{34A0857F-C12A-4857-BAF3-F3183506780C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5F240FD-C28C-475F-8D57-12FE0409FF6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DF0AC30-998F-4392-BDC9-04D11149AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46DB165E-B162-4947-BAED-DE0F73061D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A06FB2EB-6751-4290-8ADF-808F1F95E459}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{3FBA1DE5-90DB-4E5B-A899-EC39324C8758}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{7D4A5320-14D6-4D2D-AAD6-14C4E76F22EB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{26ABC75B-081D-4BFA-9E34-D779EC269C7C}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{1517D475-0977-4EB2-A9CC-8BBF78AE57FF}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{ABFCAD0D-7E63-4FF4-A893-347D268471B0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{7E4A4DD7-EBE8-48E1-B6FD-8541EE2E117F}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{E9E752E9-5DEE-472B-A115-6EFF96E20235}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{B8F9E71D-A404-448E-B998-EB23552B5DE0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{79D79628-82B0-4F24-BAB8-2CF6172C7C32}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{4D047BB9-FA13-412E-855D-692DBFA3A480}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{BFFDFB52-BD9A-4B44-A540-2D634D7713C1}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{D84594B8-98CF-407E-9821-BED784B894CB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{F3943234-A711-4457-ACA4-5B150D204FA8}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{5B9AEDAF-67CD-4C6B-B1A7-3930D43F85DD}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{D26CE3FE-3718-4490-BDB0-2968380BE985}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [UDP Query User{E0F078E5-80F8-432B-9BE2-6273EB952751}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe
FirewallRules: [TCP Query User{3BF9C57B-CEAB-4E39-8FA4-4F3768757B80}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe
FirewallRules: [{C1D66DB4-22F1-4051-9C54-F6B3BA25FE43}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{0F552548-4FB8-4928-A0C4-91EB93ADF1D4}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{BB98C012-9C7F-4C38-8F56-EE99D703B5BE}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{8630D67C-7F10-4BB6-8D44-29B9C6950C68}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{FE8617D4-1406-44EB-AD00-EC64AEFA4D78}] => (Allow) C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D79C223F-85B8-4E9B-8DAB-E30279A3E188}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{507BDD47-791E-4A45-9CA4-875E7A922369}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C2A0F0D-84BC-46EE-9F39-67AFF1FAE1D2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9B4613FA-3B91-4499-AA4F-95F2847B0063}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FE01352C-66CD-45A2-8539-5E7220DEC187}] => (Allow) LPort=4500
FirewallRules: [{CF7056F1-23C0-4B24-A238-EB0C4ABB181E}] => (Allow) LPort=10000
FirewallRules: [{D85A221E-73D2-47CD-8A86-CA370C816E06}] => (Allow) LPort=500
FirewallRules: [UDP Query User{F8D61252-179D-4599-9382-7B1513B8BE84}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe
FirewallRules: [TCP Query User{DB04BFEF-4A51-4A8D-95B8-4F99B034EF3C}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe
FirewallRules: [UDP Query User{A9CBE811-BD24-49BF-8E15-580CF9FC98F1}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [TCP Query User{82786FD4-1425-4C05-BE85-B725BCC2C878}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [{D093013E-0821-41DA-83D4-6EEEFFD480B9}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [{3A762963-6493-4B6D-9EB3-B14251B0BC95}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [UDP Query User{5A31A57E-D4CC-4318-8FD7-A3ABE2BCA9BC}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe
FirewallRules: [TCP Query User{DDEC5E28-CC7C-4CB9-A741-3E24FE1AEED1}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe
FirewallRules: [{51038772-1D25-49D1-8BE6-3F939F655994}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5D30B5BE-E3D4-42F1-80C9-5045A31DE548}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{67AC74AE-F3E2-4095-9813-744AB8E0C987}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe
FirewallRules: [TCP Query User{4B96B91D-C891-4850-BADD-529CD5EBE506}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe
FirewallRules: [UDP Query User{72B00CC3-A400-41D8-A027-C8482C163A11}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3E711164-2730-4735-AE10-8D8E0A393D4B}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E28D8A5E-6ADD-43CF-8702-E18FAF86D751}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe
FirewallRules: [TCP Query User{8D50B573-4756-4BC8-8EA8-8DE1E888C5E1}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe
FirewallRules: [{3E31C00A-5DC9-4B81-B4C3-3710D245EF2C}] => (Allow) LPort=1900
FirewallRules: [{7220DCA1-8511-4950-B0AD-E1CCD4AF7B42}] => (Allow) LPort=2869
FirewallRules: [{36FCB705-AC62-43A4-9927-E6682197E73D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{19D68882-2617-4759-B846-B5A344854A41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F91326F8-3F6A-458C-AA30-F0E7F8C00319}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [UDP Query User{6B7C2993-BAA9-40BB-88E5-ECF227ACADC0}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe
FirewallRules: [TCP Query User{3F36C02A-F6EE-4F7D-8CF5-19B1AACBA089}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe
FirewallRules: [UDP Query User{D02E9227-ECD3-4C95-BCAE-7AEA76AA77BC}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [TCP Query User{DFF071A9-8E9F-4041-848E-AE65E30CC6FA}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [UDP Query User{EFAE5E0B-AB66-46BC-B914-8E5E23EAD514}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [TCP Query User{3ADA6EFB-0E17-40CE-B989-8515A78E35A7}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [{AFFA48EF-62B0-4D5B-A60A-30EEDE5D6A7C}] => (Allow) LPort=54925
FirewallRules: [{1D481604-9168-4D80-8823-E8EB9A391C0F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{859F9BF3-5318-4FAD-8E64-B3ECF1BC1F1A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{858C7A23-E377-463C-9637-DF2046E41CF8}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{5D17DB09-8083-4EE6-A9F0-31388644D735}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{3CF72D51-4E7A-4E4D-9BAC-A9124934E19B}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1C9BDFCE-7C41-45A9-9784-8669270E2371}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{E9D1C01F-8F2E-45F9-80A7-C5366AF5719E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE1E4EFA-EBFF-4241-914D-5F0151A50170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40291CBD-534A-4967-815A-104A7910DD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9F1749-47FC-4F7D-AEB9-4A1B3E664280}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83973102-9920-47E8-8CE9-BED29C2CED10}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{445E180C-2AE7-4FEF-A1CC-248CD1C0FBB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EB36A764-5C91-4C27-ABFB-557AE031B835}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/01/2016 03:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x35c0
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 03:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x15e0
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler4

Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (03/01/2016 02:05:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 15.0.4797.1003, Zeitstempel: 0x56bf0292
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x2788
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5

Error: (03/01/2016 02:04:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x2fac
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 01:36:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Earth1)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/01/2016 01:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (03/01/2016 01:36:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (03/01/2016 01:36:07 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 


Systemfehler:
=============
Error: (03/01/2016 03:00:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 8.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-03-01 14:57:12.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:57:12.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:33.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:33.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.347
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8147 MB
Verfügbarer physikalischer RAM: 5495.84 MB
Summe virtueller Speicher: 16339 MB
Verfügbarer virtueller Speicher: 14205.07 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.7 GB) (Free:33.48 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (FSX) (Fixed) (Total:244.14 GB) (Free:164 GB) NTFS
Drive g: (Programme) (Fixed) (Total:48.83 GB) (Free:45.78 GB) NTFS
Drive h: (XPlane) (Fixed) (Total:292.97 GB) (Free:213.16 GB) NTFS
Drive i: (Data) (Fixed) (Total:345.56 GB) (Free:290.3 GB) NTFS
Drive j: (Backup HD) (Fixed) (Total:931.51 GB) (Free:654.3 GB) NTFS
Drive l: () (Fixed) (Total:14.9 GB) (Free:12.65 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7DB1A4CF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F75FE5A)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: BD941F46)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FDA0DC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
oh sorry, ich hatte den defender noch laufen... das ganze nochmal...

Also ADW

Code:
ATTFilter
# AdwCleaner v5.037 - Bericht erstellt am 01/03/2016 um 15:18:06
# Aktualisiert am 28/02/2016 von Xplode
# Datenbank : 2016-02-28.2 [Lokal]
# Betriebssystem : Windows 10 Home  (x64)
# Benutzername : XXXX - EARTH1
# Gestartet von : C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (2).exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

[C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : avherald.com
[C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : cloud-search.linkury.com
[C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : websearch.ask.com
[C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : juris.de

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2568 Bytes] - [01/03/2016 15:00:18]
C:\AdwCleaner\AdwCleaner[R0].txt - [1085 Bytes] - [05/11/2014 15:27:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [1138 Bytes] - [05/11/2014 15:28:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [2616 Bytes] - [01/03/2016 14:59:15]
C:\AdwCleaner\AdwCleaner[S2].txt - [1105 Bytes] - [01/03/2016 15:01:02]
C:\AdwCleaner\AdwCleaner[S3].txt - [1524 Bytes] - [01/03/2016 15:18:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1597 Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by XXXX (Administrator) on 01.03.2016 at 15:19:28,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.03.2016 at 15:20:18,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 01.03.2016, 15:28   #15
pinokw
 
Win 10 Rogue.953320 Malware - Standard

Win 10 Rogue.953320 Malware



und FRST

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
durchgeführt von XXXXXX (Administrator) auf EARTH1 (01-03-2016 15:21:18)
Gestartet von C:\Users\PinheiroLLB\Desktop
Geladene Profile: XXXXXX (Verfügbare Profile: XXXXXX & UpdatusUser & Annabelle)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-04] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-04] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WinampAgent] => G:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => G:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-01]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HORNETDRIVE starten.lnk [2015-03-27]
ShortcutTarget: HORNETDRIVE starten.lnk -> C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe (antispameurope GmbH)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e3750fe7-67b0-4170-b8e0-591dd6c63e62}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-942671010-3624539665-887436449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-942671010-3624539665-887436449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-09-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default\Extensions\abs@avira.com.xpi [2016-02-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-15]
StartMenuInternet: FIREFOX.EXE - C:\Users\PinheiroLLB\Documents\Firefox Browser\App\Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01]
CHR Extension: (Google Docs) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-01-22]
CHR Extension: (Google Drive) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Sheets) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-01]
CHR Extension: (iCloud Bookmarks) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-01]
CHR Extension: (Avira Browser Safety) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Mailvelope) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
S2 MBAMScheduler; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 8.0 OnlineUpdate; G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-01-16] (Avira Operations GmbH & Co. KG)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-08-31] (Paragon Software Group)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys [171144 2007-05-01] (Saitek)
S3 SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-09-05] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52200 2012-09-05] (Saitek)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X]
U3 idsvc; kein ImagePath
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-01 15:13 - 2016-03-01 15:19 - 01609216 _____ (Malwarebytes) C:\Users\PinheiroLLB\Desktop\JRT (1).exe
2016-03-01 15:13 - 2016-03-01 15:15 - 01518592 _____ C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (2).exe
2016-03-01 15:05 - 2016-03-01 15:05 - 00065678 _____ C:\Users\PinheiroLLB\Desktop\Addition.txt
2016-03-01 15:04 - 2016-03-01 15:21 - 00027259 _____ C:\Users\PinheiroLLB\Desktop\FRST.txt
2016-03-01 15:04 - 2016-03-01 09:33 - 02371072 _____ (Farbar) C:\Users\PinheiroLLB\Desktop\FRST64.exe
2016-03-01 15:03 - 2016-03-01 15:20 - 00000553 _____ C:\Users\PinheiroLLB\Desktop\JRT.txt
2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\mbar
2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-01 14:20 - 2016-03-01 14:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PinheiroLLB\Desktop\mbar-1.09.3.1001.exe
2016-03-01 14:10 - 2016-03-01 14:10 - 00000000 _____ C:\ProgramData\rebootpending.txt
2016-03-01 13:35 - 2016-03-01 13:35 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp
2016-03-01 09:31 - 2016-03-01 15:20 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Rouge Malware
2016-02-29 21:40 - 2016-02-29 21:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-29 21:39 - 2016-02-29 21:41 - 00198726 _____ C:\WINDOWS\ntbtlog.txt
2016-02-29 21:21 - 2016-02-29 21:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Avira-Scout
2016-02-27 14:20 - 2016-02-27 14:20 - 00000000 ____D C:\Users\PinheiroLLB\SkyDrive
2016-02-27 12:01 - 2016-02-27 12:01 - 00000831 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-27 11:53 - 2016-02-27 11:56 - 00000000 ____D C:\AVZ
2016-02-27 10:46 - 2016-02-27 10:46 - 00000000 _____ C:\Users\PinheiroLLB\Desktop\Neues Textdokument (3).txt
2016-02-22 13:39 - 2016-02-22 18:27 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dokumente
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-13 16:52 - 2016-02-13 16:52 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Glasgow UB Box
2016-02-12 09:05 - 2016-02-12 09:05 - 00143554 _____ C:\Users\PinheiroLLB\Desktop\CCR12022016_00000.pdf
2016-02-11 12:34 - 2016-02-11 12:34 - 00000949 _____ C:\Users\Public\Desktop\King's Quest II.lnk
2016-02-11 12:34 - 2016-02-11 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGD Interactive
2016-02-10 12:43 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 12:43 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 12:43 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 12:43 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 12:43 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 12:43 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 12:43 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 12:43 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 12:43 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 12:43 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 12:43 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 12:43 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 12:43 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 12:43 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 12:43 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 12:43 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 12:43 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 12:43 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 12:43 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 12:43 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 12:43 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 12:43 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 12:43 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 12:43 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 12:43 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 12:43 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 12:43 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 12:43 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 12:43 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 12:43 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 12:43 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 12:43 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 12:43 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 12:43 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 12:43 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 12:43 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 12:43 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 12:43 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 12:43 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 12:43 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 12:43 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 12:43 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 12:43 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 12:43 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 12:43 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 12:43 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 12:43 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 12:43 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 12:43 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 12:43 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 12:43 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 12:43 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 12:43 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 12:43 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 12:43 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 12:43 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 12:43 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 12:43 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 12:43 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 12:43 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 10:29 - 2016-02-10 10:29 - 00002402 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-10 10:29 - 2016-02-10 10:29 - 00000000 ___RD C:\Users\Annabelle\OneDrive
2016-02-10 10:28 - 2016-02-10 10:29 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Packages
2016-02-10 10:28 - 2016-02-10 10:28 - 00000020 ___SH C:\Users\Annabelle\ntuser.ini
2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\TileDataLayer
2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Publishers
2016-02-01 09:39 - 2016-02-01 09:39 - 00000762 _____ C:\Users\PinheiroLLB\Desktop\SpeedFan.lnk
2016-02-01 09:03 - 2016-02-01 09:03 - 00000000 ____D C:\Program Files\Western Digital

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-01 15:21 - 2014-10-30 14:00 - 00000000 ____D C:\FRST
2016-03-01 15:18 - 2014-11-05 15:27 - 00000000 ____D C:\AdwCleaner
2016-03-01 15:01 - 2012-12-09 15:26 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 15:00 - 2015-09-20 18:27 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-03-01 14:49 - 2015-06-16 08:53 - 00001248 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job
2016-03-01 14:36 - 2012-10-03 14:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\3687D008-A3F4-44C5-9AB9-7FFCC06ABFD1.aplzod
2016-03-01 14:24 - 2012-10-13 17:15 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-01 14:21 - 2014-11-05 15:11 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-01 14:11 - 2013-12-15 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\ProgramData\Avira
2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-01 14:06 - 2014-11-05 15:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 14:01 - 2012-12-09 15:26 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 13:49 - 2015-06-16 08:53 - 00001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job
2016-03-01 12:21 - 2014-12-03 14:18 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{261599DF-B78D-4986-93D8-1E134244C5C4}
2016-03-01 08:56 - 2016-01-16 12:35 - 02113870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 08:56 - 2015-10-30 19:35 - 00898280 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-01 08:56 - 2015-10-30 19:35 - 00201766 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-01 08:56 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-01 08:53 - 2015-03-27 15:43 - 00000000 ___RD C:\Users\PinheiroLLB\Documents\Drives
2016-03-01 08:53 - 2015-03-27 15:42 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\HORNETDRIVE
2016-03-01 08:53 - 2014-11-05 15:21 - 00000000 ___RD C:\Users\PinheiroLLB\iCloudDrive
2016-03-01 08:53 - 2013-07-25 09:15 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Dropbox
2016-03-01 08:51 - 2016-01-16 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-01 08:51 - 2016-01-16 12:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-29 22:09 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-29 22:00 - 2014-06-03 17:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Skype
2016-02-29 20:42 - 2015-06-17 13:57 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\AgileBits
2016-02-27 14:20 - 2016-01-16 12:36 - 00000000 ____D C:\Users\PinheiroLLB
2016-02-27 12:31 - 2015-07-03 09:51 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dirk Projekte
2016-02-27 12:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-27 12:01 - 2014-11-05 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-27 11:50 - 2016-01-16 12:47 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Packages
2016-02-27 10:38 - 2015-05-23 13:15 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2016-02-26 13:54 - 2012-10-07 14:55 - 00000974 _____ C:\WINDOWS\Brpfx04a.ini
2016-02-26 12:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-26 12:07 - 2015-03-21 20:46 - 00000000 ___RD C:\Users\PinheiroLLB\OneDrive
2016-02-26 11:15 - 2012-10-23 14:02 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\PC-FAX TX
2016-02-25 22:48 - 2016-01-17 16:30 - 00002437 _____ C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-24 09:20 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-24 09:19 - 2013-10-09 12:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-22 12:03 - 2015-11-01 12:39 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 13:58 - 2016-01-16 12:32 - 00000000 ____D C:\Windows.old
2016-02-16 10:27 - 2014-06-03 17:32 - 00000000 ____D C:\ProgramData\Skype
2016-02-13 12:07 - 2014-11-05 15:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Apple Inc
2016-02-12 09:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-10 20:43 - 2016-01-16 12:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 17:12 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 12:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 12:47 - 2014-08-23 13:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 12:43 - 2014-08-23 13:21 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 10:29 - 2016-01-16 12:36 - 00000000 ____D C:\Users\Annabelle
2016-02-10 10:29 - 2015-08-27 16:44 - 00000000 ___RD C:\Users\Annabelle\iCloudDrive
2016-02-10 10:28 - 2015-08-27 16:36 - 00002354 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 10:28 - 2015-08-27 16:36 - 00002324 _____ C:\Users\Annabelle\Desktop\Google Chrome.lnk
2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\RavensburgerTipToi3
2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2016-02-05 16:34 - 2015-11-26 17:30 - 00000000 ____D C:\Users\PinheiroLLB\.oracle_jre_usage
2016-02-05 16:34 - 2014-10-09 15:32 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-03 17:41 - 2016-01-16 12:58 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\MicrosoftEdge
2016-02-02 13:56 - 2012-12-09 15:26 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 13:56 - 2012-12-09 15:26 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 09:39 - 2015-04-30 09:34 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\ProgramData\Western Digital
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-12 14:45 - 2014-06-12 14:45 - 0038515 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2015-02-03 09:30 - 2015-02-03 09:41 - 0000600 _____ () C:\Users\PinheiroLLB\AppData\Local\PUTTY.RND
2013-03-31 21:56 - 2015-04-19 15:52 - 0007636 _____ () C:\Users\PinheiroLLB\AppData\Local\resmon.resmoncfg
2012-12-12 15:36 - 2013-12-11 21:20 - 0000080 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane Installer.prf
2012-12-12 10:59 - 2014-03-15 18:34 - 0000073 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane_drm.prf
2012-12-12 11:03 - 2012-12-26 20:13 - 0000047 _____ () C:\Users\PinheiroLLB\AppData\Local\x-plane_install_10.txt
2016-03-01 13:35 - 2016-03-01 13:35 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2016-03-01 14:10 - 2016-03-01 14:10 - 0000000 _____ () C:\ProgramData\rebootpending.txt

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\PinheiroLLB\FSDreamTeam_GSX.reg
C:\Users\PinheiroLLB\FSDreamTeam_JFK V2.reg
C:\Users\PinheiroLLB\FSDreamTeam_JFK.reg
C:\Users\PinheiroLLB\FSDreamTeam_KLAS.reg
C:\Users\PinheiroLLB\FSDreamTeam_Los Angeles V2.reg
C:\Users\PinheiroLLB\QualityWings_Ultimate 757 Collection.reg


Einige Dateien in TEMP:
====================
C:\Users\Annabelle\AppData\Local\Temp\avgnt.exe
C:\Users\PinheiroLLB\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-02-29 15:31

==================== Ende von FRST.txt ============================
         
und die Addition

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-02-2016
durchgeführt von XXX(2016-03-01 15:25:27)
Gestartet von C:\Users\PinheiroLLB\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-16 11:47:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-942671010-3624539665-887436449-500 - Administrator - Disabled)
Annabelle (S-1-5-21-942671010-3624539665-887436449-1005 - Limited - Enabled) => C:\Users\Annabelle
DefaultAccount (S-1-5-21-942671010-3624539665-887436449-503 - Limited - Disabled)
Gast (S-1-5-21-942671010-3624539665-887436449-501 - Limited - Disabled)
YYYY (S-1-5-21-942671010-3624539665-887436449-1000 - Administrator - Enabled) => C:\Users\PinheiroLLB
UpdatusUser (S-1-5-21-942671010-3624539665-887436449-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Active Sky Advanced (HKLM-x32\...\{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}) (Version: 1.00.0316 - HiFi Flightware)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus A318-A319 - PREPAR3D V2.x (HKLM-x32\...\Airbus A318-A319 - PREPAR3D V2.x) (Version: 1.00 - Aerosoft)
Aerosoft's - Airbus X Extended - FSX (HKLM-x32\...\Airbus X Extended - FSX) (Version: 1.16 - Aerosoft)
Aerosoft's - Airbus X Extended - PrePar3D (HKLM-x32\...\Airbus X Extended - PrePar3D) (Version: 1.16 - Aerosoft)
Aerosoft's - Anchorage X (HKLM-x32\...\{3D88DF20-8778-422F-933D-4C4D74210045}) (Version: 1.00 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.2.2.0 - aerosoft)
Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.20 - Aerosoft)
aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft)
aerosoft's - USCitiesX - San Francisco (HKLM-x32\...\{DF91C497-0315-43F9-BB85-24D82FE5B11A}) (Version: 1.01 - aerosoft)
Airbus Series 2 - Evolution Upgrade (FSX) (HKLM-x32\...\Airbus Series 2 - Evolution Upgrade (FSX)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Airport Amsterdam (HKLM-x32\...\Airport Amsterdam) (Version: 1.0.0.0 - Aerosoft GmbH)
Airport Zurich (HKLM-x32\...\Airport Zurich) (Version: 1.1.0.0 - Aerosoft GmbH)
AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.3.7 - AivlaSoft GmbH)
AlacrityPC (HKLM-x32\...\{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}) (Version: 1.0.0 - Ken Salter)
Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BlackBox Simulation - Airbus Xtreme (Prologue) (HKLM-x32\...\BlackBox Simulation-Airbus Xtreme (Prologue)) (Version: 0.75.0 - BlackBox Simulation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7440N (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal)
Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version:  - )
FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\FlightParis Bundle) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FS Global 2010 (HKLM-x32\...\FS Global 2010) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HORNETDRIVE (HKLM-x32\...\HORNETDRIVE) (Version: 3.3.1.1086 - antispameurope GmbH)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iFly Jets - The 747-400 V2 for FSX - Hotfix 1 (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX - Hotfix 1) (Version:  - )
iFly Jets - The 747-400 V2 for FSX (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX) (Version:  - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\LFPN - Toussus Le Noble FSX) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NavDataPro (HKLM-x32\...\NavDataPro) (Version: 1.0.1.6 - Aerosoft GmbH)
NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Paragon Festplatten Manager 10 - Drive Backup (HKLM-x32\...\{F8013DD1-574B-4921-A473-88A2F7A34D16}) (Version: 90.00.0003 - Paragon Software)
Paragon Festplatten Manager 10 - Partition Manager (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Parallels runtime modules (x32 Version: 1.00.0000 - Parallels) Hidden
Parallels USB Driver (x32 Version: 6.00.23046 - Parallels) Hidden
PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6061 - PMDG Simulations, LLC.)
PMDG MD-11 (FSX version of COMBO) (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.00.0003 - Precision Manuals Development Group)
PMDGMD11X_GE_AA (HKLM-x32\...\{ABB4DB59-0284-414D-9346-4992E1856E7F}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11X_GE_LH (HKLM-x32\...\{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11X_PW_SR1 (HKLM-x32\...\{E5F249B9-4A7F-482E-951D-005F47F06A43}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDGMD11XF_GE_LHF (HKLM-x32\...\{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}) (Version: 1.00.0000 - Precision Manuals Development Group)
Prepar3D v2 Academic (HKLM-x32\...\{92B3FF8A-3C33-4EFC-850D-CF29E54292D9}) (Version: 2.4.11570.0 - Lockheed Martin)
Prepar3D v2 Academic (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden
Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.19 - aerosoft)
RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version:  - )
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Sigel Beschriftungs-Software für Überweisung und Lastschrift (HKLM-x32\...\Sigel Beschriftungs-Software für Überweisung und Lastschrift) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.19.4 (HKLM\...\{1970C821-567B-415F-982C-134CB8FB8DAA}) (Version: 7.0.19.4 - Mad Catz)
SnapAPI (x32 Version: 4.2.709 - Acronis) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM-x32\...\{86B730BC-FFDF-4B50-9127-851A6F152A68}) (Version: 10 - Star Finanz GmbH)
StarMoney 8.0  (HKLM-x32\...\{EF2BE7ED-FE44-49B4-A6C3-919CE4790FDE}) (Version: 8.0 - Star Finanz GmbH)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Streamripper Plugin 1.61.27 (Remove only) (HKLM-x32\...\Streamripper.Plugin) (Version:  - )
sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH)
syngo fastView (HKLM-x32\...\{4CF46E90-60EC-4177-9BE7-5F4BE89BC2E7}) (Version: VX57L38 - Siemens MedSW)
tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG)
TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH)
UK2000 Heathrow Xtreme FSX  (HKLM-x32\...\UK2000 Heathrow Xtreme FSX) (Version: 3.0 - UK2000 Scenery)
Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Ultimate Terrain X - Europe) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
vroute.info premium - 1  (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute)
vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute)
WD Quick View (HKLM-x32\...\{4D0776BB-71B7-49A2-A439-24791A4620E1}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{37BF2365-3EC7-45E4-9D88-61489F932A0B}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{4C810612-124B-4610-93ED-EF7357EA3EDC}) (Version: 21.00.8480 - Buhl Data Service GmbH)
X-FMC (HKLM-x32\...\{D215611B-8A8A-4914-9C23-2EF36D8926CF}) (Version: 2.02 - X-FMC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02D25461-8A94-4339-A4D5-72C73FD06B6C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0F573DF1-69F4-4F53-BFBA-5FC40A9A94B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {1532C4A2-9F69-4730-90F8-87E7A44A77EB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {1ED0FEE3-A4D0-4AF9-AAD3-505787FD7706} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {24C3E746-6452-459A-9E93-1D4A301F67D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {24FE594B-CC16-4D77-9ED0-7C8E004CD7C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {25C56614-3CEB-425E-B763-7EC3A508A8AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2890FDBB-5547-411D-B472-DDE879ADECF1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {33CC8B4F-0F03-4A72-9D9B-A4E7A5401D58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {3C8E7229-112A-4E9D-95CD-B4653A68A123} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {42DFD782-7241-449A-9C16-3000CE033C0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {450FDACD-9D90-47E7-BADD-C82B624584E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4B09F0D2-A506-4779-9266-C98EA768DA2C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4E59ED50-C5D8-4246-B1B7-C6ADB65E1BBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4F953E1E-7E9C-4C24-AF6C-86D67D0CDE06} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5749FA15-E717-4A30-B3C4-9BACA05290F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {594C849D-DC95-4323-8508-0708E7A37F53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5BD7EE29-8843-48EB-A95A-6EA3038E324B} - System32\Tasks\{00710EDC-947D-4257-A20C-2F1780679420} => pcalua.exe -a C:\Users\PinheiroLLB\Downloads\HiJackThis204.exe -d C:\Users\PinheiroLLB\Downloads
Task: {5F1EEA42-3777-40A9-8848-E702D088879E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {5F9C8D7F-FFD1-424B-9A3B-28358D50D00A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6022AE36-967A-4366-A241-0B17AECD3994} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {63036FEE-3754-4790-89F4-1ED53D884167} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {68EE2EE5-CEE9-4781-8896-8CCACB349052} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {6E49DF11-B1BF-4839-B13B-43D9265A4662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {72F91625-792E-40F4-AFDE-2057734E5437} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {772513A8-461E-40B1-87E1-4D62F8FABC73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {7E0C0633-D75D-4E6A-AE88-7D42E6BB5D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {8632EC4F-0DF6-4982-A891-19549646C625} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {8C7F210B-7703-4060-A8DC-CBD99340D288} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {8CFC4F80-28AD-4DCB-9F59-BDB30B2DA204} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {93738455-319D-416A-B75D-67EA051F549C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {99D23324-7E7F-440F-84AE-619A09734666} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9B3BF89F-8FEB-485D-9B24-A0A9B726B7AA} - System32\Tasks\{F52C3292-A378-48F7-A667-A31DC6B87BB1} => pcalua.exe -a C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {A798075D-9298-4A5C-8106-5A9354F2C71D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B1F34822-C928-4172-BEC2-E216460AD834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {B49948F7-0663-4509-8CA6-74FD32D92D78} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {B57A3EAC-F055-412B-BC48-A3BCFD9A5CB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B6493125-CB5A-44E4-8066-2A83AEA5FC4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {B9659609-4FBC-4382-83CF-A12B9611AA77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C1D527F1-8D21-4B03-96A2-9933D46769E2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CB89D200-0D95-4C40-A985-BB43DDC565C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CBCB9AF3-FFCB-4AA5-9056-60961A31B62A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CE93E2C0-739D-4B04-B488-81855FD931D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {D2CCA1E3-A332-44F1-9A9A-4A1504CAA72E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {D7E167E5-6342-4269-86B4-3A08BD29135A} - System32\Tasks\{955920E4-E7F9-47CF-94C4-F8E6A61CB687} => pcalua.exe -a E:\.\windows\setup.exe -d E:\ -c .\windows
Task: {DC69A008-8069-4715-B7E8-FB5259456527} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {DDCC7B16-F1DF-42C3-A419-6F0CE2D85D11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {E841B6A3-96C0-4E06-8611-A489C577F14A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EAE387B3-2F6F-42BD-8A03-CF8A8B0EA352} - System32\Tasks\Western Digital\SmartWare\____Volume_cdbdcca7_0ca1_11e2_be20_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a93953b9_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
Task: {F544E0DA-E797-45D4-A13A-609AFD9B3E99} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {FE2F7AF1-CDDD-4CB5-ACBF-B8D6C2318E16} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-10-07 14:55 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () G:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-10-07 19:37 - 2010-03-15 10:28 - 00166400 _____ () G:\Program Files\WinRAR\rarext.dll
2014-08-12 09:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-29 17:25 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 17:25 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 08:18 - 2015-10-30 19:43 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-01-16 12:32 - 2016-01-16 12:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-16 12:32 - 2016-01-16 12:32 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 09:43 - 2016-01-22 09:43 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-22 12:03 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-22 12:03 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:74603393
AlternateDataStreams: C:\Users\PinheiroLLB\.DS_Store:AFP_AfpInfo

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 13:34 - 2014-11-04 19:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-942671010-3624539665-887436449-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\StartupApproved\Run: => "SkyDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{DABF8B65-4EAD-47C6-A76A-6975F9BF0179}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9080D6F9-11C2-4943-BD3A-590E7206B865}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D44E990A-1C0E-471A-ABE4-396F9F7F716C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{63AB1C45-34BD-4D72-AAA9-2579C3E52970}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1DCDF590-12BC-412B-8E4D-EB237E660A9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{34A0857F-C12A-4857-BAF3-F3183506780C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5F240FD-C28C-475F-8D57-12FE0409FF6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DF0AC30-998F-4392-BDC9-04D11149AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46DB165E-B162-4947-BAED-DE0F73061D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A06FB2EB-6751-4290-8ADF-808F1F95E459}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{3FBA1DE5-90DB-4E5B-A899-EC39324C8758}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{7D4A5320-14D6-4D2D-AAD6-14C4E76F22EB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{26ABC75B-081D-4BFA-9E34-D779EC269C7C}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{1517D475-0977-4EB2-A9CC-8BBF78AE57FF}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{ABFCAD0D-7E63-4FF4-A893-347D268471B0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{7E4A4DD7-EBE8-48E1-B6FD-8541EE2E117F}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{E9E752E9-5DEE-472B-A115-6EFF96E20235}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{B8F9E71D-A404-448E-B998-EB23552B5DE0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{79D79628-82B0-4F24-BAB8-2CF6172C7C32}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{4D047BB9-FA13-412E-855D-692DBFA3A480}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{BFFDFB52-BD9A-4B44-A540-2D634D7713C1}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{D84594B8-98CF-407E-9821-BED784B894CB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{F3943234-A711-4457-ACA4-5B150D204FA8}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{5B9AEDAF-67CD-4C6B-B1A7-3930D43F85DD}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{D26CE3FE-3718-4490-BDB0-2968380BE985}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [UDP Query User{E0F078E5-80F8-432B-9BE2-6273EB952751}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe
FirewallRules: [TCP Query User{3BF9C57B-CEAB-4E39-8FA4-4F3768757B80}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe
FirewallRules: [{C1D66DB4-22F1-4051-9C54-F6B3BA25FE43}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{0F552548-4FB8-4928-A0C4-91EB93ADF1D4}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{BB98C012-9C7F-4C38-8F56-EE99D703B5BE}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{8630D67C-7F10-4BB6-8D44-29B9C6950C68}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{FE8617D4-1406-44EB-AD00-EC64AEFA4D78}] => (Allow) C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D79C223F-85B8-4E9B-8DAB-E30279A3E188}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{507BDD47-791E-4A45-9CA4-875E7A922369}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C2A0F0D-84BC-46EE-9F39-67AFF1FAE1D2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9B4613FA-3B91-4499-AA4F-95F2847B0063}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FE01352C-66CD-45A2-8539-5E7220DEC187}] => (Allow) LPort=4500
FirewallRules: [{CF7056F1-23C0-4B24-A238-EB0C4ABB181E}] => (Allow) LPort=10000
FirewallRules: [{D85A221E-73D2-47CD-8A86-CA370C816E06}] => (Allow) LPort=500
FirewallRules: [UDP Query User{F8D61252-179D-4599-9382-7B1513B8BE84}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe
FirewallRules: [TCP Query User{DB04BFEF-4A51-4A8D-95B8-4F99B034EF3C}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe
FirewallRules: [UDP Query User{A9CBE811-BD24-49BF-8E15-580CF9FC98F1}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [TCP Query User{82786FD4-1425-4C05-BE85-B725BCC2C878}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [{D093013E-0821-41DA-83D4-6EEEFFD480B9}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [{3A762963-6493-4B6D-9EB3-B14251B0BC95}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [UDP Query User{5A31A57E-D4CC-4318-8FD7-A3ABE2BCA9BC}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe
FirewallRules: [TCP Query User{DDEC5E28-CC7C-4CB9-A741-3E24FE1AEED1}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe
FirewallRules: [{51038772-1D25-49D1-8BE6-3F939F655994}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5D30B5BE-E3D4-42F1-80C9-5045A31DE548}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{67AC74AE-F3E2-4095-9813-744AB8E0C987}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe
FirewallRules: [TCP Query User{4B96B91D-C891-4850-BADD-529CD5EBE506}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe
FirewallRules: [UDP Query User{72B00CC3-A400-41D8-A027-C8482C163A11}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3E711164-2730-4735-AE10-8D8E0A393D4B}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E28D8A5E-6ADD-43CF-8702-E18FAF86D751}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe
FirewallRules: [TCP Query User{8D50B573-4756-4BC8-8EA8-8DE1E888C5E1}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe
FirewallRules: [{3E31C00A-5DC9-4B81-B4C3-3710D245EF2C}] => (Allow) LPort=1900
FirewallRules: [{7220DCA1-8511-4950-B0AD-E1CCD4AF7B42}] => (Allow) LPort=2869
FirewallRules: [{36FCB705-AC62-43A4-9927-E6682197E73D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{19D68882-2617-4759-B846-B5A344854A41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F91326F8-3F6A-458C-AA30-F0E7F8C00319}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [UDP Query User{6B7C2993-BAA9-40BB-88E5-ECF227ACADC0}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe
FirewallRules: [TCP Query User{3F36C02A-F6EE-4F7D-8CF5-19B1AACBA089}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe
FirewallRules: [UDP Query User{D02E9227-ECD3-4C95-BCAE-7AEA76AA77BC}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [TCP Query User{DFF071A9-8E9F-4041-848E-AE65E30CC6FA}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe
FirewallRules: [UDP Query User{EFAE5E0B-AB66-46BC-B914-8E5E23EAD514}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [TCP Query User{3ADA6EFB-0E17-40CE-B989-8515A78E35A7}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [{AFFA48EF-62B0-4D5B-A60A-30EEDE5D6A7C}] => (Allow) LPort=54925
FirewallRules: [{1D481604-9168-4D80-8823-E8EB9A391C0F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{859F9BF3-5318-4FAD-8E64-B3ECF1BC1F1A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{858C7A23-E377-463C-9637-DF2046E41CF8}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{5D17DB09-8083-4EE6-A9F0-31388644D735}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{3CF72D51-4E7A-4E4D-9BAC-A9124934E19B}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1C9BDFCE-7C41-45A9-9784-8669270E2371}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{E9D1C01F-8F2E-45F9-80A7-C5366AF5719E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE1E4EFA-EBFF-4241-914D-5F0151A50170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40291CBD-534A-4967-815A-104A7910DD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9F1749-47FC-4F7D-AEB9-4A1B3E664280}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83973102-9920-47E8-8CE9-BED29C2CED10}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{445E180C-2AE7-4FEF-A1CC-248CD1C0FBB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EB36A764-5C91-4C27-ABFB-557AE031B835}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/01/2016 03:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x2dac
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 03:19:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (03/01/2016 03:08:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x1fd4
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 03:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x35c0
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 03:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x15e0
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler4

Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (03/01/2016 02:05:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 15.0.4797.1003, Zeitstempel: 0x56bf0292
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x2788
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5

Error: (03/01/2016 02:04:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e002f
ID des fehlerhaften Prozesses: 0x2fac
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5

Error: (03/01/2016 01:36:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Earth1)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (03/01/2016 03:00:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 8.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-03-01 14:57:12.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:57:12.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:33.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:33.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-01 14:53:32.347
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 8147 MB
Verfügbarer physikalischer RAM: 5268.45 MB
Summe virtueller Speicher: 16339 MB
Verfügbarer virtueller Speicher: 13833.02 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.7 GB) (Free:33.48 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (FSX) (Fixed) (Total:244.14 GB) (Free:164 GB) NTFS
Drive g: (Programme) (Fixed) (Total:48.83 GB) (Free:45.78 GB) NTFS
Drive h: (XPlane) (Fixed) (Total:292.97 GB) (Free:213.16 GB) NTFS
Drive i: (Data) (Fixed) (Total:345.56 GB) (Free:290.3 GB) NTFS
Drive j: (Backup HD) (Fixed) (Total:931.51 GB) (Free:654.3 GB) NTFS
Drive l: () (Fixed) (Total:14.9 GB) (Free:12.65 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7DB1A4CF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F75FE5A)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: BD941F46)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FDA0DC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Antwort

Themen zu Win 10 Rogue.953320 Malware
avira, code, datei, dateien, dnsapi.dll, explorer.exe, google analytics, infizierte, log, lsass.exe, malware, malware antivir entfernen, malwarebytes, modul, problem, programm, prozesse, recovery, recovery cd, sihost.exe, spoolsv.exe, svchost.exe, temp, tmp, trojanische pferd, versteckte, websites, windows, windowsapps, winlogon.exe




Ähnliche Themen: Win 10 Rogue.953320 Malware


  1. Antivirenprogramm hat Malware und (trojan) TR/Rogue.693248.2 gefunden
    Log-Analyse und Auswertung - 07.12.2014 (23)
  2. Windows7 - UptUpdater.exe, TR/Rogue.2715923 (in Logfiles: TR/Rogue.174117)
    Log-Analyse und Auswertung - 28.10.2014 (29)
  3. 1812 Bedrohungen lt. Spy Hunter 4, Kuang 2 Web Updater, Rogue.PCSpeed Maximizer, Malware.Generic, usw
    Plagegeister aller Art und deren Bekämpfung - 18.01.2014 (36)
  4. email link Malware Funde Heur.PE@4294967295, Malware@#nwdk01o66rpro, Malware@#2x6qrvr63cjrw
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (10)
  5. Malware TR/Rogue.kdv.663444' [trojan] + andere Meldungen
    Log-Analyse und Auswertung - 12.07.2012 (26)
  6. Rogue-Malware und "malicious website"
    Plagegeister aller Art und deren Bekämpfung - 30.10.2011 (4)
  7. Verseucht - Windows läuft kaum noch. Rogue.FakeHDD; Trojan.FakeMS; Rogue.AntiMalware; Trojan.Agent
    Log-Analyse und Auswertung - 08.06.2011 (22)
  8. Rogue-Securitytool
    Log-Analyse und Auswertung - 19.04.2011 (14)
  9. 'Windows Recovery' Rogue Malware / nun unerwünschte Umleitungen auf andere Seiten
    Log-Analyse und Auswertung - 14.04.2011 (1)
  10. Rogue-Malware "EASY SCAN" alias "HDD Low" Problem beseitigt?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2010 (9)
  11. Rogue-Malware hdd low auf meinem PC: Was tun?
    Plagegeister aller Art und deren Bekämpfung - 28.12.2010 (1)
  12. Malwarebytes' Anti-Malware 1.46; Rogue.Installer oder Fehlalarm
    Log-Analyse und Auswertung - 25.08.2010 (1)
  13. FraudTool, Malware.Packer.Gen, Rogue.ARManager...logfiles inside
    Plagegeister aller Art und deren Bekämpfung - 08.05.2010 (7)
  14. Rogue, Malware Scanner: SmitFraudFix
    Anleitungen, FAQs & Links - 20.01.2010 (1)
  15. Rogue.Link bzw. Rogue.Installer
    Plagegeister aller Art und deren Bekämpfung - 17.09.2009 (16)

Zum Thema Win 10 Rogue.953320 Malware - Hallo, mein AVIRA hat seit einigen Tagen einen Fund der "Rogue.953320" Malware gemeldet (s. Log). Daraufhin habe ich auch MBAM laufen lassen. Leider konnte die infizierte Datei nicht umbenannt/gelöscht werden. - Win 10 Rogue.953320 Malware...
Archiv
Du betrachtest: Win 10 Rogue.953320 Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.