
Pests of all kinds and how to fight them: Start page changed

06.04.2016, 18:57   #1
ertanal
Hello, I have a problem: my start page was changed by the site Searchhomepage. I think I picked up a toolbar.
Could you please help me remove the toolbar, and possibly other pests as well, if there are any? Thanks in advance.

06.04.2016, 20:26   #2
M-K-D-B
/// TB Trainer
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find signs of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions. If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there as administrator!



Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!




For the initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)






Step 2
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.







Please post with your next reply
  • the TDSS-Killer log file,
  • the two new FRST log files.
__________________
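
The FRST.txt requested above has a fixed line layout, so a first read of it can be scripted. The following is an added example, not part of the thread and not FRST's own code: it groups folders that were created within minutes of each other and lists Run autostart entries whose path passes through a folder name that first appeared recently. The sample lines are excerpted from the log posted in this thread; the function names, the 2-minute window and the reading of `D` in the attribute column as "directory" are assumptions, and every hit is a candidate for review, not a verdict.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Sample input: lines excerpted from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\Run: [PCKeeperLive] => "C:\Program Files\Essentware\PCKeeper\PCKeeper.exe" /autorun
2016-04-07 14:08 - 2016-04-07 14:08 - 00000000 ____D C:\FRST
2016-04-06 21:36 - 2016-04-07 14:06 - 00000000 ____D C:\Users\optik\Downloads\DMC3 SE
2016-04-06 16:10 - 2016-04-06 16:12 - 00000000 ____D C:\Users\optik\AppData\Local\Essentware
2016-04-06 16:09 - 2016-04-06 16:14 - 00000000 ____D C:\Program Files (x86)\SecureVPN.com
2016-04-06 16:09 - 2016-04-06 16:10 - 00000000 ____D C:\ProgramData\Essentware
2016-04-06 16:09 - 2016-04-06 16:09 - 00000000 ____D C:\Users\optik\AppData\Roaming\Video Downloader
2016-04-06 16:09 - 2016-04-06 16:09 - 00000000 ____D C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\MyHomepage
2016-03-28 21:55 - 2016-03-28 21:55 - 00000000 ____D C:\NVIDIA
2016-03-23 22:40 - 2016-03-23 22:40 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
"""

# "created - modified - size attributes [(company)] path"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d+) "
    r"(\S{5}) (?:\((.*?)\) )?([A-Za-z]:\\.+)$"
)
# "HIVE\...\Run: [name] => command line"
RUN_RE = re.compile(r"^(\S+?)\\\.\.\.\\Run: \[(.+?)\] => (.*)$")
# First executable path in a command line, quoted or not
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def parse_created(log):
    """Return (created, is_dir, path) for every created-file line in the log."""
    rows = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            # Assumption: a D in the attribute column marks a directory.
            rows.append((created, "D" in m.group(4), PureWindowsPath(m.group(6))))
    return rows


def parse_run(log):
    """Return (hive, value name, executable path) for every Run entry."""
    rows = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.search(m.group(3))
        if exe:
            rows.append((m.group(1), m.group(2), PureWindowsPath(exe.group(1))))
    return rows


def install_bursts(created, gap=timedelta(minutes=2), min_size=3):
    """Group directories created within `gap` of the previous one.

    Several unrelated product folders appearing in the same minute is the
    usual footprint of a bundled installer.
    """
    dirs = sorted((c, p) for c, is_dir, p in created if is_dir)
    bursts, current = [], []
    for c, p in dirs:
        if current and c - current[-1][0] > gap:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append((c, p))
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def autostarts_in_new_dirs(log, since):
    """Run entries whose path contains a folder name first created after `since`."""
    new_names = {
        p.name.lower()
        for c, is_dir, p in parse_created(log)
        if is_dir and c >= since
    }
    hits = []
    for hive, name, exe in parse_run(log):
        # Skip the drive and the file name, compare the folders in between.
        shared = [part for part in exe.parts[1:-1] if part.lower() in new_names]
        if shared:
            hits.append((hive, name, shared[0]))
    return hits


if __name__ == "__main__":
    for burst in install_bursts(parse_created(SAMPLE_LOG)):
        print("folders created together, starting", burst[0][0])
        for _, path in burst:
            print("   ", path)
    for hive, name, folder in autostarts_in_new_dirs(SAMPLE_LOG, datetime(2016, 4, 6)):
        print(f"autostart [{name}] in {hive} uses recently created folder name {folder!r}")
```

Run against a full FRST.txt by reading the file into a string and passing it in place of `SAMPLE_LOG`; generic folder names can produce false matches, so read the hits next to the log itself.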


07.04.2016, 13:11   #3
ertanal
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von optik (Administrator) auf TWINZ (07-04-2016 14:08:28)
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(W. Rolke) C:\Users\optik\Desktop\GpuTmp64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(AppWork GmbH) C:\JDownloader v2.0\JDownloader2.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\Run: [PCKeeperLive] => "C:\Program Files\Essentware\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\Run: [PCKeeper Antivirus] => "C:\Program Files\Essentware\PCKAV\PCKAV.exe" /autorun
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: G - "G:\install.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: H - "H:\AutoRun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: I - "I:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: J - "J:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: K - "K:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: L - "L:\hod3launch.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: M - "M:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: N - "N:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: O - "O:\Setup.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: P - "P:\FileRgn.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: T - "T:\CojLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: U - "U:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: V - "V:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: W - "W:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: X - "X:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: {0b1c8cbf-93a0-11e5-bec1-b4b52fc7a0fe} - "G:\install.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-07] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{8FDBB051-95BF-412F-933F-373BC2F0A315}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF2A7DDF-191F-4DBA-9518-9620668B1B1F}: [NameServer] 62.109.121.2 62.109.121.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM -> {8218E8BC-E228-4079-8CE7-6EA6CCCEA191} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07] (AVAST Software)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895
FF NewTab: google.com
FF SelectedSearchEngine: Yahoo®
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2461873215-4186745203-1289361242-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\optik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-17] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\searchplugins\yahoo-lavasoft.xml [2015-11-25]
FF SearchPlugin: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\searchplugins\yahoo-ysp.xml [2015-11-27]
FF Extension: WOT - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-11]
FF Extension: Ant Video Downloader - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\anttoolbar@ant.com [2015-12-09]
FF Extension: MakeGIF Video Capture - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\makegifvideocapture@makegif.com.xpi [2015-12-09]
FF Extension: Greasemonkey - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-01-05]
FF Extension: Adblock Plus - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-07]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-07] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-25] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47160 2015-11-25] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [Datei ist nicht signiert]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 PDNMp50; C:\WINDOWS\SysWOW64\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\WINDOWS\SysWOW64\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R2 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-03-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Datei ist nicht signiert]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [Datei ist nicht signiert]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-07 14:08 - 2016-04-07 14:08 - 00021947 _____ C:\Users\optik\Desktop\FRST.txt
2016-04-07 14:08 - 2016-04-07 14:08 - 00000000 ____D C:\FRST
2016-04-07 14:07 - 2016-04-07 14:07 - 02374144 _____ (Farbar) C:\Users\optik\Desktop\FRST64.exe
2016-04-06 21:36 - 2016-04-07 14:06 - 00000000 ____D C:\Users\optik\Downloads\DMC3 SE
2016-04-06 16:10 - 2016-04-06 16:12 - 00000000 ____D C:\Users\optik\AppData\Local\Essentware
2016-04-06 16:09 - 2016-04-06 16:14 - 00000000 ____D C:\Program Files (x86)\SecureVPN.com
2016-04-06 16:09 - 2016-04-06 16:10 - 00000000 ____D C:\ProgramData\Essentware
2016-04-06 16:09 - 2016-04-06 16:09 - 00000000 ____D C:\Users\optik\AppData\Roaming\Video Downloader
2016-04-06 16:09 - 2016-04-06 16:09 - 00000000 ____D C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\MyHomepage
2016-04-04 15:36 - 2016-04-04 17:25 - 937896567 _____ C:\Users\optik\Desktop\Tapestry of Passion 1976.mkv
2016-03-28 21:55 - 2016-03-28 21:55 - 00000000 ____D C:\NVIDIA
2016-03-28 19:49 - 2016-03-28 19:49 - 00001272 _____ C:\Users\optik\Desktop\Starsky.exe - Verknüpfung.lnk
2016-03-28 19:46 - 2016-03-28 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
2016-03-28 19:44 - 2016-03-28 19:44 - 00000000 ____D C:\Program Files (x86)\Empire Interactive
2016-03-28 18:51 - 2016-03-28 19:19 - 00000000 ____D C:\Users\optik\Downloads\STARSKY AND HUTCH-DEViANCE
2016-03-26 15:59 - 2016-03-26 15:59 - 00001792 _____ C:\Users\optik\Desktop\Condemned.exe - Verknüpfung.lnk
2016-03-26 12:10 - 2016-03-26 15:06 - 00000000 ____D C:\Users\optik\Downloads\CONDEMNED
2016-03-25 16:37 - 2016-03-25 22:30 - 00000000 ____D C:\Users\optik\Downloads\Call of Juarez 1
2016-03-25 15:58 - 2016-03-25 15:58 - 00000860 _____ C:\Users\optik\AppData\Local\recently-used.xbel
2016-03-25 13:32 - 2003-04-19 01:32 - 00004736 _____ C:\WINDOWS\SysWOW64\Drivers\tandpl.sys
2016-03-25 13:32 - 2003-03-02 18:44 - 00007552 _____ C:\WINDOWS\SysWOW64\Drivers\enodpl.sys
2016-03-23 22:40 - 2016-04-06 16:09 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 22:40 - 2016-03-23 22:40 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-23 22:40 - 2016-03-23 22:40 - 00003064 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458765619
2016-03-09 15:52 - 2016-02-20 17:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-09 15:52 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-09 15:52 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-09 15:52 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-09 15:52 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-09 15:52 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 15:52 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-09 15:52 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 15:52 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-09 15:52 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-09 15:52 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-09 15:52 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-09 15:52 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 15:52 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-09 15:52 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 15:52 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-09 15:52 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-09 15:52 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-09 15:52 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-09 15:52 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-09 15:52 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 15:52 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-09 15:52 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-09 15:52 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-09 15:52 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-09 15:52 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-09 15:52 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-09 15:52 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-09 15:52 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-09 15:52 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 15:52 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-09 15:52 - 2016-02-08 19:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-09 15:52 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-09 15:52 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-09 15:52 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-09 15:52 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-09 15:52 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-09 15:52 - 2016-02-05 21:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-09 15:52 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 15:52 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 15:52 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-09 15:52 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-09 15:52 - 2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 15:52 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 15:52 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 15:52 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 15:52 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 15:52 - 2016-01-24 20:19 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-09 15:52 - 2016-01-24 20:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-09 15:52 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-09 15:52 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-09 15:52 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-09 15:52 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-09 15:52 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-09 15:52 - 2016-01-09 03:38 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-09 15:52 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-09 15:52 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-09 15:52 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-09 15:52 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-09 15:52 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-09 15:51 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-09 15:51 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 15:51 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-09 15:51 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-09 15:51 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-09 15:51 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-09 15:51 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-09 15:51 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-09 15:51 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-09 15:51 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-09 15:51 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-09 15:51 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-09 15:51 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 15:51 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 15:51 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 15:51 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 15:51 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 15:51 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-09 15:51 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 15:51 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 15:51 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 15:51 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 15:51 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 15:51 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 15:51 - 2016-01-31 21:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 15:51 - 2016-01-15 18:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-09 15:51 - 2016-01-15 18:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-09 15:51 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-09 15:51 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-09 15:51 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-09 15:51 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-03-09 15:51 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-09 15:51 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-09 15:51 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-09 15:51 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-09 15:51 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-07 14:05 - 2015-11-27 16:35 - 00000000 ____D C:\JDownloader v2.0
2016-04-07 13:53 - 2014-04-09 21:25 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-07 13:49 - 2014-11-19 23:49 - 00000000 ___RD C:\Users\optik\OneDrive
2016-04-07 09:54 - 2014-04-22 19:01 - 00000000 ____D C:\Users\optik\Downloads\Ant Videos
2016-04-07 09:37 - 2015-02-20 23:35 - 00000000 ____D C:\Users\optik\Desktop\Neuer Ordner (2)
2016-04-07 08:37 - 2014-11-04 22:52 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09DED0F7-12EB-4DA8-8F2B-74E93CB86259}
2016-04-06 19:35 - 2014-04-09 20:03 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2461873215-4186745203-1289361242-1001
2016-04-06 16:09 - 2014-10-27 15:47 - 00001614 _____ C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-06 16:09 - 2014-04-09 21:13 - 00001282 _____ C:\Users\optik\Desktop\Mozilla Firefox.lnk
2016-04-06 16:09 - 2014-04-09 20:25 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-05 16:21 - 2014-04-09 21:03 - 00000000 ____D C:\ProgramData\Origin
2016-04-04 15:10 - 2014-09-24 08:17 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-04 15:10 - 2014-09-24 07:43 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-04 15:10 - 2014-09-24 07:43 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-04 15:10 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-03 21:51 - 2014-10-27 15:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-03 21:51 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-03 21:51 - 2013-08-22 16:44 - 00351464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-03 21:50 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-29 21:14 - 2014-04-09 21:03 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-29 18:55 - 2015-12-19 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-29 18:55 - 2015-12-19 13:39 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-03-29 18:55 - 2012-11-26 19:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-28 22:17 - 2016-01-10 01:37 - 00000000 ____D C:\Users\optik\AppData\Local\Midway
2016-03-28 22:17 - 2016-01-10 01:29 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-03-28 22:14 - 2014-04-09 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-28 21:54 - 2015-11-25 20:43 - 00011973 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2016-03-28 13:36 - 2015-12-21 16:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-28 13:36 - 2015-12-21 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-28 13:36 - 2015-12-21 16:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-28 13:36 - 2015-11-27 15:20 - 00000000 ____D C:\Users\optik\.oracle_jre_usage
2016-03-28 13:36 - 2014-04-15 12:20 - 00000000 ____D C:\ProgramData\Oracle
2016-03-26 15:56 - 2015-11-27 22:22 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2016-03-26 15:53 - 2015-12-30 13:41 - 00000000 ____D C:\Program Files (x86)\SEGA
2016-03-26 15:53 - 2015-12-04 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-03-25 17:16 - 2014-04-12 12:48 - 00000000 ____D C:\Users\optik\Documents\EA Games
2016-03-25 16:39 - 2014-04-09 21:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-03-25 15:58 - 2015-06-18 15:32 - 00000000 ____D C:\Users\optik\.gimp-2.8
2016-03-24 21:38 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 21:37 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-24 21:37 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-03-24 20:53 - 2014-04-09 21:25 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-24 15:35 - 2016-03-05 13:56 - 00000000 ____D C:\Users\optik\AppData\Local\CrashDumps
2016-03-23 22:40 - 2014-06-12 13:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 22:40 - 2014-06-12 13:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-20 16:12 - 2015-03-27 14:22 - 01426411 ____N C:\Users\optik\AppData\Local\Tempmusic.ogg
2016-03-18 15:46 - 2014-06-12 13:29 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-13 14:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-11 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-09 23:12 - 2014-12-13 22:55 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-09 23:11 - 2014-04-10 12:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 23:06 - 2014-04-10 12:06 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 19:43 - 2014-06-12 13:29 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-03-09 19:43 - 2014-06-12 13:29 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-03-09 15:53 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 15:50 - 2015-12-09 16:46 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-03-09 15:50 - 2015-12-09 16:46 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-03-08 09:00 - 2014-09-24 09:46 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 09:00 - 2014-09-24 09:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-11 02:46 - 2012-03-11 02:46 - 0101888 _____ (W. Rolke) C:\Program Files (x86)\GpuTmp64.exe
2010-11-11 16:34 - 2014-12-10 16:29 - 0201728 _____ (Freebyte.com) C:\Program Files (x86)\hjsplit.exe
2007-04-27 11:06 - 2014-10-27 01:23 - 0148416 _____ (Macrovision Corporation) C:\Program Files (x86)\_setup.dll
2015-05-17 18:39 - 2015-05-17 18:39 - 0000122 _____ () C:\Users\optik\AppData\Roaming\profiles.ini
2015-11-25 20:00 - 2015-11-25 20:00 - 0000026 _____ () C:\Users\optik\AppData\Local\isoworkshop.ini
2016-03-25 15:58 - 2016-03-25 15:58 - 0000860 _____ () C:\Users\optik\AppData\Local\recently-used.xbel
2015-03-27 14:22 - 2016-03-20 16:12 - 1426411 ____N () C:\Users\optik\AppData\Local\Tempmusic.ogg
2014-04-09 19:57 - 2014-04-09 19:57 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\optik\nolf.reg
C:\Users\optik\nolfcmds.bat


Einige Dateien in TEMP:
====================
C:\Users\optik\AppData\Local\Temp\6d3f-870c-885d-906d.exe
C:\Users\optik\AppData\Local\Temp\8eba-fb04-a585-0b6c.exe
C:\Users\optik\AppData\Local\Temp\a5b2-37c7-c907-05d7.exe
C:\Users\optik\AppData\Local\Temp\CojLauncher.exe
C:\Users\optik\AppData\Local\Temp\cres.dll
C:\Users\optik\AppData\Local\Temp\cshell.dll
C:\Users\optik\AppData\Local\Temp\drm_dialogs.dll
C:\Users\optik\AppData\Local\Temp\drm_dyndata_7320012.dll
C:\Users\optik\AppData\Local\Temp\e59f-0f81-b215-2a27.exe
C:\Users\optik\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\optik\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\optik\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\optik\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\optik\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\optik\AppData\Local\Temp\nvStInst.exe
C:\Users\optik\AppData\Local\Temp\proxy_vole1290298896546737358.dll
C:\Users\optik\AppData\Local\Temp\proxy_vole5041813566816123935.dll
C:\Users\optik\AppData\Local\Temp\proxy_vole794316270744441105.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-04 16:43

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von optik (2016-04-07 14:09:14)
Gestartet von C:\Users\optik\Desktop
Windows 8.1 (X64) (2014-10-27 13:45:24)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2461873215-4186745203-1289361242-500 - Administrator - Disabled)
Gast (S-1-5-21-2461873215-4186745203-1289361242-501 - Limited - Disabled)
optik (S-1-5-21-2461873215-4186745203-1289361242-1001 - Administrator - Enabled) => C:\Users\optik
UpdatusUser (S-1-5-21-2461873215-4186745203-1289361242-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Alice-Installationsdateien entfernen (HKLM-x32\...\Alice) (Version:  - )
Among the Sleep Demo (HKLM-x32\...\Steam App 285540) (Version:  - Krillbite Studio)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version:  - Rockstar New England)
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
Condemned - Criminal Origins (HKLM-x32\...\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}) (Version: 1.00.0000 - Monolith Productions)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
FIFA 13 Demo (HKLM-x32\...\{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 14 Demo (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 16 DEMO (HKLM-x32\...\{D09AD1AE-6AAC-45EB-B9F6-C1F223DD8481}) (Version: 1.0.0.0 - Electronic Arts)
Free MP4 Video Converter version 5.0.37.327 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.74.5237 - Gretech Corporation)
GpuTemp (HKLM\...\{0FFA85AB-D704-48A6-A009-25A0559152C3}) (Version: 2.1 - WR-Tools)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Instagiffer version 1.60 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.60 - Justin Todd)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 10.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Starsky & Hutch (HKLM-x32\...\Starsky & Hutch) (Version:  - Empire Interactive)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Terrordrome_Final (HKLM-x32\...\{1EE65D14-6927-405F-A640-43ECBC9AB85C}) (Version: 2.9.5 - HuracanStudio)
Terrordrome_Final V2.9.5 (HKLM-x32\...\Terrordrome_Final V2.9.5) (Version: V2.9.5 - HuracanStudio)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
THE HOUSE OF THE DEAD 3 (HKLM-x32\...\{B418F434-15CD-4B68-A022-CFE0DB92A6F9}) (Version: 1.00.000 - SEGA)
The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - )
Unity Web Player (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {11101A89-1E47-4D88-B319-328F5B1A0EEF} - System32\Tasks\{3230BA38-CCC2-4A93-9FD2-92B9670F4E22} => pcalua.exe -a "M:\program files\Ubi Soft\Rayman3\Rayman3.exe" -d "M:\program files\Ubi Soft\Rayman3"
Task: {14622FD5-343E-43E2-AA67-CAA028E8E313} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {26F2EE89-E087-47CE-A9AC-3023522ED98B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {360FFC44-3B45-4D93-B6F3-069214AC3615} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {5F798CC9-464A-4C9A-AE0E-D1DDBF1E34E0} - System32\Tasks\SafeZone scheduled Autoupdate 1458765619 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {6A99E002-2095-4572-8F7D-0E9D1C8581A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {7000C388-1262-45F4-BF21-DDD9ADEDD3AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {73D44319-609F-4B3D-9B59-4B0F827AE841} - System32\Tasks\{270AD66E-5129-497E-BF0E-0E54870BE3AC} => pcalua.exe -a I:\Launch.exe -d I:\
Task: {8435C395-5D8F-49F4-A3F4-4BC9A83B33E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {992F4E7E-40ED-4F55-8304-65739920FCAF} - System32\Tasks\{B2A04B98-690D-4969-A68A-9A333E4D9779} => pcalua.exe -a M:\FileRgn.exe -d M:\
Task: {9C207940-0D1F-40E8-AE96-65490CA4E91C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {B61EF85C-8A42-40B7-B42D-011B9004FF18} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-07] (AVAST Software)
Task: {E15AC269-07EE-4C45-A79C-6A5F98F7860D} - System32\Tasks\{98ED1F75-53E1-4B7D-BE55-5479F6B65597} => pcalua.exe -a G:\DirectX\DX80en.exe -d G:\DirectX
Task: {F29078D9-C8A1-4E6C-8747-40828071D39D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {FF647FFB-7AE5-42EB-A2EC-2DD5A917A951} - System32\Tasks\{A1484182-16D1-4CEB-ADA0-E15D9B3BA8A6} => pcalua.exe -a "M:\program files\Ubi Soft\Rayman3\DirectX\dxsetup.exe" -d "M:\program files\Ubi Soft\Rayman3\DirectX"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\optik\Desktop\Terrordrome\Terrordrome Online.lnk -> C:\Program Files (x86)\HuracanStudio\Terrordrome_Final\launcher.bat ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxBatch.lnk -> C:\Program Files (x86)\Max Payne\MaxBatch.bat (Keine Datei)

ShortcutWithArgument: C:\Users\optik\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-02 23:07 - 2016-02-17 08:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-02 22:26 - 2016-02-17 08:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 23:07 - 2016-02-17 08:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-27 15:21 - 2016-02-23 22:45 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-27 16:11 - 2014-10-27 16:11 - 00120224 _____ () C:\Users\optik\AppData\Local\assembly\dl3\4K796MHC.KKM\9BQW35LW.Q7P\98a9c14b\0017145d_cd85cd01\HPItunesModule.DLL
2016-04-07 14:05 - 2016-04-07 14:05 - 00566439 _____ () C:\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2016-04-07 14:05 - 2016-04-07 14:05 - 04078962 _____ () C:\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-03 21:33 - 2016-04-03 21:33 - 02850816 _____ () C:\Program Files\AVAST Software\Avast\defs\16040300\algo.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-04 15:10 - 2016-04-04 15:10 - 02850816 _____ () C:\Program Files\AVAST Software\Avast\defs\16040400\algo.dll
2016-04-07 08:47 - 2016-04-07 08:47 - 02853376 _____ () C:\Program Files\AVAST Software\Avast\defs\16040603\algo.dll
2012-11-26 19:05 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-03-02 23:07 - 2016-02-17 09:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-11-26 19:10 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-04 16:13 - 2015-12-04 16:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 62.109.121.2 - 62.109.121.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1290F6E6-8A57-4451-BCC6-24FFC78A06AA}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{EA2FE541-DC25-4B04-A2EE-18A47391A251}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{DCC6B67A-69E0-447A-AF40-059D9DC9F1DB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{4AA3DA39-96E4-47D0-ACC5-CCB39770F83C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{22C48B7E-FC1D-4CBD-8655-843BEF3FE8CE}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [TCP Query User{29D859C4-9CEC-4EF4-9C1C-445AA912950F}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{E0C52C12-0B7D-4D13-8B4B-5D95F6D1D7AA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{23C45605-B5E2-47BE-9749-9040E171EBBA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{B00B1C5A-DDEB-4DEC-BB60-A04BF87F1B72}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21686015-0057-491B-A66F-5E0553F736AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17A17685-47A0-44A1-A380-7DAD7EF24B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{60A61EFA-3CD6-40A5-9884-D4D71E5352E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{5DBEEF1B-0E0E-4F73-8C82-ED9DFF228538}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{A50DB810-DADB-406B-87FD-77C9EB03D6EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{C551166D-F754-4F4F-93DA-E861C2316BAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{04A8AD80-1190-4C5B-A31A-2976739D2A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{50414D68-36B5-43AC-AFA9-5FDBACCE44FD}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{513E52D3-344D-4D06-BB3B-F5FCB898E342}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{F23E50E8-86F1-4BF6-BE53-FA6261FF969B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{06190683-94A7-462C-BF33-D8DE9DC73EF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{B8C67915-FB09-461D-8B0F-15100BFE3F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FB048A7-2D57-4DEC-BEF4-2DE7CE153CF3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19AC9963-0DC4-4BEB-89CC-6FB224855B5B}] => (Allow) LPort=1900
FirewallRules: [{983C26A4-90CE-410F-A263-AF7EABCB1DDF}] => (Allow) LPort=2869
FirewallRules: [{08BAF4BB-DCF6-40DB-9D02-087D68AFD9AD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7BD47BC4-620E-4102-BDFE-DAA8CC2A555C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E664925A-B83A-4530-AF72-7D1F0C0C86FD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{1E1D9492-6244-4E47-AD58-427636C1C737}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{FB64C4F3-7FAF-4A54-BCF1-97B1449BA50C}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{CF791C29-ABDE-49EE-8553-A641960F5725}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B2D8C3C5-41BF-472E-895E-6325AF6172A9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{4974F657-632B-4F17-8A30-71778DA2F2E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6542C786-4B80-4CBA-A5D4-1EAFC15B26E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FFE1247B-468B-4247-A102-7D40160DA777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C739E9C-9BED-468A-A397-73B5B40D9067}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CFD6A1A-6EA0-4B8E-9F0C-D376CE31378F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{9A55A05A-E229-4A83-AF7C-D6FC783C3A08}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{52C3CB11-4EFF-4109-B303-3AC95DDB4831}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{B4863902-1E2A-4702-B24F-1A637AE58BAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{B85DF138-37D2-442B-A5FF-6F8E2A479346}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{38A5CF0A-38C0-49EA-9E13-B65F17FF964F}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{91223428-1506-4680-B804-8DBBFA875CAF}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [{A9DDB4AB-32D0-45E3-9D90-47B29DC1F0A8}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [TCP Query User{36457055-BC5F-43FD-B562-2CF06564AC71}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{100CAA9B-2EAB-4E0B-938E-14F1DA41E817}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F5BB8811-A98A-4CEF-87D5-B0250828F215}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [{003784FA-4A0A-4779-9248-A38655C9730C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [TCP Query User{8B186FAC-BB5F-4B2D-81FE-C1558F2FA1AF}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{A64728E4-E298-4A2C-B945-EC29AB0B58D5}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{46207933-00AB-463D-B4A7-B10D08837DD8}] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{F8736320-B6F0-4BF5-9E3C-C8F7E679CBA3}] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{8D5481CE-EE10-4747-B921-C368EBDD2777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B05BDEE0-7A75-4509-8911-FBECC2C24434}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{038E4D1C-17EA-446B-9C4B-C69237CA0609}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAEBDD80-B578-4BB0-81CE-AA545862C77C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC6D894A-AEDA-497A-96BD-BA15CDC22307}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F283914-F546-4431-8D37-3CE795AC9C90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F59184D2-18AF-4EE7-AD3E-5D5BB386132E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7A7E3250-7CE2-4D0C-807C-D8A8A4A33C8D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{9B84C064-4647-49C0-90C6-B0CEDAC6CA6D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{8013752C-CAD4-4EFE-8FBD-F6B7721D9F22}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{2064C4D6-D831-40BC-8F90-11B996E55A52}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{C9CC3AD6-3E69-49DE-A937-3D2844D9596D}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{38FA607D-DDD1-460E-9986-7A9370261D48}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{6B2C2D10-9193-4B3C-BA95-7F942769A3B2}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{28FCCF12-A04E-4261-88B0-BEC1EF35CB1A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{40E84F7A-0A97-47C1-B848-0D4150E8187A}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{95B23D7F-EE20-44CD-BD4C-620AA592AA59}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{17C7600B-65F7-43E5-B78B-7C1122BDC3F2}C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe] => (Block) C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [UDP Query User{7775C65B-4FB4-45DF-82CE-4F5CB9A8D78E}C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe] => (Block) C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [{0407102A-1BC4-4D91-BD98-5364288E55BC}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{B47A9204-F8AD-4FC9-B1C8-B0A1C5BB974E}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [TCP Query User{AF13D986-5B2A-48C4-A589-52A151B48795}C:\users\optik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\optik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{144A41F0-BEDE-43D3-B22D-7DA0FC76A1C2}C:\users\optik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\optik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{368B9B7B-7E93-47F4-9100-6077A466208C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{13DFC5D0-95B9-4D53-A0A3-A5EDBECFE04B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{64932311-4BF2-43B9-BD25-0CB444FBB116}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7A345391-194B-4F81-ACFB-86D529C35A56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{350C7948-1B54-4F41-B6B4-B34912607CA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A5C9B7B9-B48A-4624-B34A-9F50A479C9CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0517F2F9-7F3C-4751-99A4-90E0A67B4257}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{927DAF2A-CB4F-4EC7-8D54-164C277A942C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{16B88443-D214-4C3A-9641-F2DCD37CEFC8}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{24E109B0-0F72-4B2C-9F5C-EC68E3A39CDB}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{EB293D36-F626-42F7-B431-FCEBA88D5F19}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [TCP Query User{9BA5FE86-62C8-40E8-8FEB-4F87914E9474}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe] => (Allow) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [UDP Query User{CE3F6B29-4085-4DFA-8573-8D6901EB4841}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe] => (Allow) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{B6B84738-EDAE-4482-B8F7-D1B437D8A541}] => (Block) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{958186E6-E93A-4551-BEE0-9AA147650025}] => (Block) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{86C71B38-C499-4DD1-BF26-115160BBDD6D}] => (Allow) LPort=53000
FirewallRules: [{F3F38BAA-7971-405B-9C86-4E223308BD98}] => (Allow) LPort=52000

==================== Wiederherstellungspunkte =========================

17-03-2016 19:08:01 Geplanter Prüfpunkt
24-03-2016 21:36:32 Windows Update
25-03-2016 22:32:19 Installed Call of Juarez
28-03-2016 21:50:31 Installiert Splinter Cell Pandora Tomorrow
06-04-2016 16:11:43 Removed PCKeeper

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/03/2016 09:53:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15516

Error: (04/03/2016 09:53:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15516

Error: (04/03/2016 09:53:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2016 04:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15562

Error: (04/01/2016 04:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15562

Error: (04/01/2016 04:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2016 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578

Error: (03/31/2016 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15578

Error: (03/31/2016 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2016 04:45:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TWINZ)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (04/07/2016 01:49:04 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/07/2016 01:48:50 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000000 00000080 00000000 00000005 0000000b

Error: (04/07/2016 01:48:48 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000000 00000080 00000000 00000005 0000000b

Error: (04/07/2016 08:34:08 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/07/2016 08:33:55 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000000 00000080 00000000 00000005 0000000b

Error: (04/07/2016 08:33:53 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000000 00000080 00000000 00000005 0000000b

Error: (04/06/2016 07:21:19 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000000 00000080 00000000 00000005 0000000b

Error: (04/06/2016 07:21:17 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000000 00000080 00000000 00000005 0000000b

Error: (04/06/2016 04:37:19 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/06/2016 04:13:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst PCKAVService erreicht.


CodeIntegrity:
===================================
  Date: 2015-07-28 13:23:48.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:11.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:11.085
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:09.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 8147.35 MB
Verfügbarer physikalischer RAM: 5353.86 MB
Summe virtueller Speicher: 8547.35 MB
Verfügbarer virtueller Speicher: 4947.15 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:1849.89 GB) (Free:1018.49 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive h: (FEAR) (CDROM) (Total:4.2 GB) (Free:0 GB) CDFS
Drive i: (Hit & Run 1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive j: (Hit & Run 2) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive k: (Hit & Run 3) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 59A27AD7)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 07.04.2016, 13:17   #4
ertanal
 



Code:
14:12:39.0302 0x1878  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
14:12:39.0302 0x1878  UEFI system
14:13:03.0140 0x1878  ============================================================
14:13:03.0140 0x1878  Current date / time: 2016/04/07 14:13:03.0140
14:13:03.0140 0x1878  SystemInfo:
14:13:03.0140 0x1878  
14:13:03.0140 0x1878  OS Version: 6.3.9600 ServicePack: 0.0
14:13:03.0140 0x1878  Product type: Workstation
14:13:03.0140 0x1878  ComputerName: TWINZ
14:13:03.0140 0x1878  UserName: optik
14:13:03.0140 0x1878  Windows directory: C:\WINDOWS
14:13:03.0140 0x1878  System windows directory: C:\WINDOWS
14:13:03.0140 0x1878  Running under WOW64
14:13:03.0140 0x1878  Processor architecture: Intel x64
14:13:03.0140 0x1878  Number of processors: 8
14:13:03.0140 0x1878  Page size: 0x1000
14:13:03.0140 0x1878  Boot type: Normal boot
14:13:03.0140 0x1878  ============================================================
14:13:03.0419 0x1878  KLMD registered as C:\WINDOWS\system32\drivers\39697500.sys
14:13:03.0708 0x1878  System UUID: {1B3EEA69-7C89-7A0D-5150-9DDE13CE2296}
14:13:04.0325 0x1878  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:13:04.0353 0x1878  ============================================================
14:13:04.0353 0x1878  \Device\Harddisk0\DR0:
14:13:04.0353 0x1878  GPT partitions:
14:13:04.0354 0x1878  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DD958599-A651-4208-88FD-4AF778BD4E3A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
14:13:04.0354 0x1878  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6A0652AE-4B87-4E93-A787-B7B0B83589DC}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
14:13:04.0354 0x1878  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B7C3CA68-D624-4587-92B6-70C0A9C51749}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
14:13:04.0354 0x1878  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CB038F5A-F766-485B-B8DF-7438FD5D94E8}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0xE73C6800
14:13:04.0354 0x1878  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {9AD891FE-C8BA-4726-BF5C-6129388AE367}, Name: , StartLBA 0xE76BA800, BlocksNum 0xE1000
14:13:04.0354 0x1878  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FFDB71F8-1CA8-46FF-B8AC-197D8D7C4D98}, Name: Basic data partition, StartLBA 0xE779B800, BlocksNum 0x166D000
14:13:04.0354 0x1878  MBR partitions:
14:13:04.0354 0x1878  ============================================================
14:13:04.0404 0x1878  C: <-> \Device\Harddisk0\DR0\Partition4
14:13:04.0434 0x1878  D: <-> \Device\Harddisk0\DR0\Partition6
14:13:04.0434 0x1878  ============================================================
14:13:04.0434 0x1878  Initialize success
14:13:04.0434 0x1878  ============================================================
14:14:28.0992 0x0060  ============================================================
14:14:28.0992 0x0060  Scan started
14:14:28.0992 0x0060  Mode: Manual; SigCheck; TDLFS; 
14:14:28.0992 0x0060  ============================================================
14:14:28.0992 0x0060  KSN ping started
14:14:31.0309 0x0060  KSN ping finished: true
14:14:33.0328 0x0060  ================ Scan system memory ========================
14:14:33.0329 0x0060  System memory - ok
14:14:33.0329 0x0060  ================ Scan services =============================
14:14:33.0537 0x0060  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
14:14:33.0644 0x0060  1394ohci - ok
14:14:33.0688 0x0060  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
14:14:33.0736 0x0060  3ware - ok
14:14:33.0790 0x0060  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
14:14:33.0841 0x0060  ACPI - ok
14:14:33.0864 0x0060  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
14:14:33.0907 0x0060  acpiex - ok
14:14:33.0928 0x0060  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
14:14:33.0946 0x0060  acpipagr - ok
14:14:33.0971 0x0060  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
14:14:34.0002 0x0060  AcpiPmi - ok
14:14:34.0005 0x0060  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
14:14:34.0019 0x0060  acpitime - ok
14:14:34.0106 0x0060  [ A9D55370A0CBADD1E1E2B4796ACD26DF, 9FD0C2B1206321B34D97FF3D01C5C811022DA76DA667DB6ECCF2746437A706A2 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:14:34.0125 0x0060  AdobeFlashPlayerUpdateSvc - ok
14:14:34.0151 0x0060  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
14:14:34.0218 0x0060  ADP80XX - ok
14:14:34.0264 0x0060  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
14:14:34.0287 0x0060  AeLookupSvc - ok
14:14:34.0344 0x0060  [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD             C:\WINDOWS\system32\drivers\afd.sys
14:14:34.0371 0x0060  AFD - ok
14:14:34.0385 0x0060  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
14:14:34.0425 0x0060  agp440 - ok
14:14:34.0449 0x0060  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
14:14:34.0485 0x0060  ahcache - ok
14:14:34.0516 0x0060  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
14:14:34.0525 0x0060  ALG - ok
14:14:34.0529 0x0060  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
14:14:34.0548 0x0060  AmdK8 - ok
14:14:34.0558 0x0060  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
14:14:34.0574 0x0060  AmdPPM - ok
14:14:34.0578 0x0060  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
14:14:34.0610 0x0060  amdsata - ok
14:14:34.0632 0x0060  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
14:14:34.0650 0x0060  amdsbs - ok
14:14:34.0660 0x0060  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
14:14:34.0685 0x0060  amdxata - ok
14:14:34.0748 0x0060  [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
14:14:34.0767 0x0060  AppHostSvc - ok
14:14:34.0782 0x0060  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
14:14:34.0803 0x0060  AppID - ok
14:14:34.0827 0x0060  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
14:14:34.0838 0x0060  AppIDSvc - ok
14:14:34.0868 0x0060  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
14:14:34.0878 0x0060  Appinfo - ok
14:14:34.0965 0x0060  [ 2D564BB1C4559A517B390A031955714D, 3048C187FD107C958D43DD8B954AB55FDD1BC538D3E0066CBFCB428C7A8A87E1 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:14:34.0977 0x0060  Apple Mobile Device Service - ok
14:14:35.0004 0x0060  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
14:14:35.0025 0x0060  AppReadiness - ok
14:14:35.0082 0x0060  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
14:14:35.0111 0x0060  AppXSvc - ok
14:14:35.0126 0x0060  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
14:14:35.0153 0x0060  arcsas - ok
14:14:35.0277 0x0060  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:14:35.0293 0x0060  aspnet_state - ok
14:14:35.0308 0x0060  [ 7E66DFE6B62C6C34FD6B09DB6169E9F6, BCE908BBF35FD9471018BFC9DCE357529F558693692FF51DA868024F7FD0E868 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
14:14:35.0331 0x0060  aswHwid - ok
14:14:35.0365 0x0060  [ AECE9E699CAC76DC993BB988652B5AD8, 76DB04A9CA1D2EED9EB50F9D23197B02E9D42D96BF1C239C9EE5FA9CCA36F85A ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
14:14:35.0383 0x0060  aswKbd - ok
14:14:35.0418 0x0060  [ 1459AAD5C6A66A458C2D57EE6E080FA5, 6A3D6EBCE1EDCFE307DF915CB0C3183668848BCEAA71EA58AB0F4F650F8EABDA ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
14:14:35.0452 0x0060  aswMonFlt - ok
14:14:35.0475 0x0060  [ 0866D5FE02D614501B7B4AD5E1BC7B53, C34B4AF64DA9592EADC070C7A384070D564DCE3412337F671932A4818D8E12E8 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
14:14:35.0488 0x0060  aswRdr - ok
14:14:35.0501 0x0060  [ 0AA12ADF5F87B4A70BDBAED77F54B978, 2C33F656EC2E51493A40FF32A5C934E209CF1475A8B0F3573396E97F8A10A76A ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
14:14:35.0515 0x0060  aswRvrt - ok
14:14:35.0559 0x0060  [ 719B704109B933D819093CDDB156A7F1, 3FF75BFA8BBE5C4A817C8166BAD73B1E3C5609D6A1F0AE85B166E30DE61EB901 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
14:14:35.0650 0x0060  aswSnx - ok
14:14:35.0675 0x0060  [ 43F46E7D103F46EC345B1056BDD2A60B, 6F8D844F3EBFDC56A319758C88B2C87FBDE185E5B1E08F8627F29158F190DBFF ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
14:14:35.0725 0x0060  aswSP - ok
14:14:35.0783 0x0060  [ 219D0E2348629FAE4E6E3478C21B23D6, 3545F59A966F31CE949596629217FD4D7119162411073D4D811575620728AC68 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
14:14:35.0791 0x0060  aswStm - ok
14:14:35.0826 0x0060  [ 9949BBD5BB70C4D317B7549896132579, DD92AAD8530C04365C24BD540C909FBDCFC92B18CB6ABB0E655F360EBC4DCD1E ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
14:14:35.0865 0x0060  aswVmm - ok
14:14:35.0916 0x0060  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:14:35.0942 0x0060  AsyncMac - ok
14:14:35.0950 0x0060  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
14:14:35.0985 0x0060  atapi - ok
14:14:36.0011 0x0060  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
14:14:36.0024 0x0060  AudioEndpointBuilder - ok
14:14:36.0047 0x0060  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
14:14:36.0066 0x0060  Audiosrv - ok
14:14:36.0121 0x0060  [ 501E11AE85EE28D305D228F5931AC76C, FB7052CFA143E5D431131EBB59D4EDAEEFCB56A017552E2395F1954F861613A0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:14:36.0141 0x0060  avast! Antivirus - ok
14:14:36.0158 0x0060  AvastVBoxSvc - ok
14:14:36.0176 0x0060  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
14:14:36.0184 0x0060  AxInstSV - ok
14:14:36.0202 0x0060  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
14:14:36.0226 0x0060  b06bdrv - ok
14:14:36.0261 0x0060  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
14:14:36.0308 0x0060  BasicDisplay - ok
14:14:36.0315 0x0060  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
14:14:36.0370 0x0060  BasicRender - ok
14:14:36.0381 0x0060  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
14:14:36.0452 0x0060  bcmfn2 - ok
14:14:36.0490 0x0060  [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
14:14:36.0511 0x0060  BDESVC - ok
14:14:36.0537 0x0060  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:14:36.0579 0x0060  Beep - ok
14:14:36.0627 0x0060  [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE             C:\WINDOWS\System32\bfe.dll
14:14:36.0661 0x0060  BFE - ok
14:14:36.0705 0x0060  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
14:14:36.0726 0x0060  BITS - ok
14:14:36.0772 0x0060  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:14:36.0790 0x0060  Bonjour Service - ok
14:14:36.0803 0x0060  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
14:14:36.0844 0x0060  bowser - ok
14:14:36.0883 0x0060  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
14:14:36.0895 0x0060  BrokerInfrastructure - ok
14:14:36.0911 0x0060  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
14:14:36.0920 0x0060  Browser - ok
14:14:36.0932 0x0060  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
14:14:36.0945 0x0060  BthAvrcpTg - ok
14:14:36.0965 0x0060  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
14:14:36.0996 0x0060  BthHFEnum - ok
14:14:37.0017 0x0060  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
14:14:37.0048 0x0060  bthhfhid - ok
14:14:37.0074 0x0060  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
14:14:37.0086 0x0060  BthHFSrv - ok
14:14:37.0095 0x0060  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
14:14:37.0133 0x0060  BTHMODEM - ok
14:14:37.0168 0x0060  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
14:14:37.0175 0x0060  bthserv - ok
14:14:37.0185 0x0060  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
14:14:37.0226 0x0060  cdfs - ok
14:14:37.0265 0x0060  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
14:14:37.0280 0x0060  cdrom - ok
14:14:37.0294 0x0060  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
14:14:37.0303 0x0060  CertPropSvc - ok
14:14:37.0315 0x0060  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
14:14:37.0340 0x0060  circlass - ok
14:14:37.0366 0x0060  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
14:14:37.0403 0x0060  CLFS - ok
14:14:37.0443 0x0060  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
14:14:37.0475 0x0060  CLVirtualDrive - ok
14:14:37.0495 0x0060  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
14:14:37.0531 0x0060  CmBatt - ok
14:14:37.0566 0x0060  [ 0DE32A0BB1FE2A773666572F79584520, C417C12476B937265BEDC9A2C3C3F6C50FD19AEC096362337B0921627A2A92EA ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
14:14:37.0600 0x0060  CNG - ok
14:14:37.0607 0x0060  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
14:14:37.0640 0x0060  CompositeBus - ok
14:14:37.0642 0x0060  COMSysApp - ok
14:14:37.0663 0x0060  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
14:14:37.0696 0x0060  condrv - ok
14:14:37.0720 0x0060  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
14:14:37.0729 0x0060  CryptSvc - ok
14:14:37.0735 0x0060  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
14:14:37.0764 0x0060  dam - ok
14:14:37.0804 0x0060  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:14:37.0823 0x0060  DcomLaunch - ok
14:14:37.0860 0x0060  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
14:14:37.0888 0x0060  defragsvc - ok
14:14:37.0909 0x0060  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
14:14:37.0921 0x0060  DeviceAssociationService - ok
14:14:37.0936 0x0060  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
14:14:37.0947 0x0060  DeviceInstall - ok
14:14:37.0962 0x0060  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
14:14:37.0985 0x0060  Dfsc - ok
14:14:38.0048 0x0060  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
14:14:38.0070 0x0060  Dhcp - ok
14:14:38.0111 0x0060  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
14:14:38.0140 0x0060  DiagTrack - ok
14:14:38.0150 0x0060  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
14:14:38.0184 0x0060  disk - ok
14:14:38.0252 0x0060  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
14:14:38.0292 0x0060  dmvsc - ok
14:14:38.0334 0x0060  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:14:38.0351 0x0060  Dnscache - ok
14:14:38.0379 0x0060  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:14:38.0395 0x0060  dot3svc - ok
14:14:38.0413 0x0060  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
14:14:38.0424 0x0060  DPS - ok
14:14:38.0438 0x0060  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:14:38.0464 0x0060  drmkaud - ok
14:14:38.0496 0x0060  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
14:14:38.0507 0x0060  DsmSvc - ok
14:14:38.0526 0x0060  [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus   C:\WINDOWS\System32\drivers\dtlitescsibus.sys
14:14:38.0552 0x0060  dtlitescsibus - ok
14:14:38.0571 0x0060  [ C0CF632820DB5F283562E049D929AE49, 37DB5892568FE908BADBF96F41B2EB411FC990BB68DB50800206069ECC517A3C ] dtliteusbbus    C:\WINDOWS\System32\drivers\dtliteusbbus.sys
14:14:38.0596 0x0060  dtliteusbbus - ok
14:14:38.0643 0x0060  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
14:14:38.0691 0x0060  DXGKrnl - ok
14:14:38.0732 0x0060  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
14:14:38.0754 0x0060  Eaphost - ok
14:14:38.0820 0x0060  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
14:14:38.0879 0x0060  ebdrv - ok
14:14:38.0893 0x0060  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
14:14:38.0901 0x0060  EFS - ok
14:14:38.0914 0x0060  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
14:14:38.0942 0x0060  EhStorClass - ok
14:14:38.0959 0x0060  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
14:14:38.0987 0x0060  EhStorTcgDrv - ok
14:14:39.0005 0x0060  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
14:14:39.0032 0x0060  ErrDev - ok
14:14:39.0108 0x0060  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
14:14:39.0130 0x0060  EventSystem - ok
14:14:39.0152 0x0060  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
14:14:39.0184 0x0060  exfat - ok
14:14:39.0202 0x0060  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
14:14:39.0234 0x0060  fastfat - ok
14:14:39.0262 0x141c  Object required for P2P: [ 501E11AE85EE28D305D228F5931AC76C ] avast! Antivirus
14:14:39.0268 0x0060  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
14:14:39.0300 0x0060  Fax - ok
14:14:39.0310 0x0060  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
14:14:39.0342 0x0060  fdc - ok
14:14:39.0365 0x0060  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
14:14:39.0372 0x0060  fdPHost - ok
14:14:39.0384 0x0060  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
14:14:39.0392 0x0060  FDResPub - ok
14:14:39.0410 0x0060  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
14:14:39.0419 0x0060  fhsvc - ok
14:14:39.0432 0x0060  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
14:14:39.0466 0x0060  FileInfo - ok
14:14:39.0484 0x0060  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
14:14:39.0516 0x0060  Filetrace - ok
14:14:39.0531 0x0060  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
14:14:39.0562 0x0060  flpydisk - ok
14:14:39.0594 0x0060  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:14:39.0633 0x0060  FltMgr - ok
14:14:39.0694 0x0060  [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache       C:\WINDOWS\system32\FntCache.dll
14:14:39.0720 0x0060  FontCache - ok
14:14:39.0801 0x0060  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:14:39.0814 0x0060  FontCache3.0.0.0 - ok
14:14:39.0847 0x0060  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
14:14:39.0914 0x0060  FsDepends - ok
14:14:39.0940 0x0060  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:14:39.0963 0x0060  Fs_Rec - ok
14:14:40.0006 0x0060  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
14:14:40.0070 0x0060  fvevol - ok
14:14:40.0087 0x0060  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
14:14:40.0116 0x0060  FxPPM - ok
14:14:40.0138 0x0060  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
14:14:41.0141 0x0060  [ E1C037A7E05FD39E6C1AF93CEEFDC53A, D20B056BE5CEB5D471170D6627157D8848376FF319BFE12C7331B0F2C0EBB4A4 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:14:41.0148 0x0060  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
14:14:41.0696 0x141c  Object send P2P result: true
14:14:43.0659 0x0060  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
14:14:52.0720 0x0060  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:14:52.0729 0x0060  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:14:55.0164 0x0060  Detect skipped due to KSN trusted
14:14:55.0164 0x0060  IDriverT - ok
14:14:59.0827 0x0060  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\WINDOWS\system32\DRIVERS\netaapl64.sys
14:14:59.0832 0x0060  Netaapl - detected UnsignedFile.Multi.Generic ( 1 )
14:15:02.0175 0x0060  Detect skipped due to KSN trusted
14:15:02.0175 0x0060  Netaapl - ok
14:15:05.0144 0x0060  PolicyAgent - ok
14:15:05.0156 0x0060  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
14:15:05.0167 0x0060  Power - ok
14:15:05.0176 0x0060  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:15:05.0220 0x0060  PptpMiniport - ok
14:15:05.0380 0x0060  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:15:05.0427 0x0060  PrintNotify - ok
14:15:05.0439 0x0060  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
14:15:05.0469 0x0060  Processor - ok
14:15:05.0500 0x0060  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
14:15:05.0513 0x0060  ProfSvc - ok
14:15:05.0533 0x0060  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
14:15:05.0562 0x0060  Psched - ok
14:15:05.0587 0x0060  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
14:15:05.0599 0x0060  QWAVE - ok
14:15:05.0622 0x0060  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
14:15:05.0653 0x0060  QWAVEdrv - ok
14:15:05.0677 0x0060  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:15:05.0690 0x0060  RasAcd - ok
14:15:05.0756 0x0060  [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
14:15:05.0808 0x0060  RasAgileVpn - ok
14:15:05.0848 0x0060  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:15:05.0873 0x0060  RasAuto - ok
14:15:05.0918 0x0060  [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:15:05.0976 0x0060  Rasl2tp - ok
14:15:06.0012 0x0060  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:15:06.0030 0x0060  RasMan - ok
14:15:06.0043 0x0060  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:15:06.0077 0x0060  RasPppoe - ok
14:15:06.0096 0x0060  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
14:15:06.0125 0x0060  RasSstp - ok
14:15:06.0146 0x0060  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:15:06.0191 0x0060  rdbss - ok
14:15:06.0219 0x0060  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
14:15:06.0247 0x0060  rdpbus - ok
14:15:06.0272 0x0060  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
14:15:06.0302 0x0060  RDPDR - ok
14:15:06.0323 0x0060  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
14:15:06.0351 0x0060  RdpVideoMiniport - ok
14:15:06.0375 0x0060  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
14:15:06.0404 0x0060  rdyboost - ok
14:15:06.0433 0x0060  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
14:15:06.0480 0x0060  ReFS - ok
14:15:06.0498 0x0060  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:15:06.0509 0x0060  RemoteAccess - ok
14:15:06.0526 0x0060  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:15:06.0537 0x0060  RemoteRegistry - ok
14:15:06.0547 0x0060  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
14:15:06.0558 0x0060  RpcEptMapper - ok
14:15:06.0570 0x0060  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:15:06.0579 0x0060  RpcLocator - ok
14:15:06.0620 0x0060  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:15:06.0657 0x0060  RpcSs - ok
14:15:06.0668 0x0060  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
14:15:06.0690 0x0060  rspndr - ok
14:15:06.0734 0x0060  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
14:15:06.0781 0x0060  RTL8168 - ok
14:15:06.0802 0x0060  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
14:15:06.0837 0x0060  s3cap - ok
14:15:06.0856 0x0060  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
14:15:06.0875 0x0060  SamSs - ok
14:15:06.0892 0x0060  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
14:15:06.0955 0x0060  sbp2port - ok
14:15:06.0995 0x0060  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
14:15:07.0019 0x0060  SCardSvr - ok
14:15:07.0053 0x0060  [ 005C51653E3A94B31E4E2DB8447644FA, 77C0C706EB1D9582F3CC08E3AC289E6366F46C4A727781B37D3139B63FC7A320 ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
14:15:07.0097 0x0060  SCDEmu - ok
14:15:07.0124 0x0060  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
14:15:07.0136 0x0060  ScDeviceEnum - ok
14:15:07.0146 0x0060  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
14:15:07.0162 0x0060  scfilter - ok
14:15:07.0197 0x0060  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:15:07.0222 0x0060  Schedule - ok
14:15:07.0243 0x0060  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
14:15:07.0253 0x0060  SCPolicySvc - ok
14:15:07.0282 0x0060  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
14:15:07.0320 0x0060  sdbus - ok
14:15:07.0346 0x0060  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
14:15:07.0378 0x0060  sdstor - ok
14:15:07.0395 0x0060  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
14:15:07.0418 0x0060  secdrv - ok
14:15:07.0451 0x0060  [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon        C:\WINDOWS\system32\seclogon.dll
14:15:07.0461 0x0060  seclogon - ok
14:15:07.0473 0x0060  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
14:15:07.0485 0x0060  SENS - ok
14:15:07.0523 0x0060  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
14:15:07.0535 0x0060  SensrSvc - ok
14:15:07.0546 0x0060  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
14:15:07.0570 0x0060  SerCx - ok
14:15:07.0586 0x0060  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
14:15:07.0620 0x0060  SerCx2 - ok
14:15:07.0637 0x0060  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
14:15:07.0666 0x0060  Serenum - ok
14:15:07.0685 0x0060  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
14:15:07.0719 0x0060  Serial - ok
14:15:07.0750 0x0060  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
14:15:07.0764 0x0060  sermouse - ok
14:15:07.0789 0x0060  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
14:15:07.0802 0x0060  SessionEnv - ok
14:15:07.0805 0x0060  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
14:15:07.0819 0x0060  sfloppy - ok
14:15:07.0845 0x0060  [ 40CF333266E10137F805B8956FE19031, 9A0C296465E0D9E1F7534E6970090378646A21D168E67CB90810C642F7F33C9E ] sfsync02        C:\WINDOWS\system32\drivers\sfsync02.sys
14:15:07.0855 0x0060  sfsync02 - ok
14:15:07.0874 0x0060  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:15:07.0888 0x0060  SharedAccess - ok
14:15:07.0921 0x0060  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:15:07.0939 0x0060  ShellHWDetection - ok
14:15:07.0948 0x0060  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
14:15:07.0960 0x0060  SiSRaid2 - ok
14:15:07.0974 0x0060  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
14:15:08.0004 0x0060  SiSRaid4 - ok
14:15:08.0051 0x0060  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
14:15:08.0072 0x0060  smphost - ok
14:15:08.0099 0x0060  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
14:15:08.0119 0x0060  SNMPTRAP - ok
14:15:08.0162 0x0060  [ B45AE0970B2D66CCE756DE6989E23EEC, 8393CF2DC4F65CD48D4D7B3C8C2D29E26728593B652D6CEAB65B50AEDA0884B7 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
14:15:08.0189 0x0060  spaceport - ok
14:15:08.0197 0x0060  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
14:15:08.0216 0x0060  SpbCx - ok
14:15:08.0256 0x0060  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
14:15:08.0276 0x0060  Spooler - ok
14:15:08.0435 0x0060  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
14:15:08.0547 0x0060  sppsvc - ok
14:15:08.0590 0x0060  [ 8003E034E3EA0E29DA54215A770FC27C, 28AB1FDEA372D33540A26DAE413A10336409D33B91F51DC0AE144D451022A2A7 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:15:08.0625 0x0060  srv - ok
14:15:08.0665 0x0060  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
14:15:08.0728 0x0060  srv2 - ok
14:15:08.0750 0x0060  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
14:15:08.0789 0x0060  srvnet - ok
14:15:08.0813 0x0060  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:15:08.0825 0x0060  SSDPSRV - ok
14:15:08.0847 0x0060  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
14:15:08.0859 0x0060  SstpSvc - ok
14:15:08.0930 0x0060  [ 97F839E8AEC48EE271509BF4BC764C24, 7B9B791E987ADC8991C128CD52CB253F295E41DF502BF8933DF388994E84560D ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
14:15:08.0948 0x0060  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
14:15:11.0300 0x0060  Detect skipped due to KSN trusted
14:15:11.0300 0x0060  STacSV - ok
14:15:15.0533 0x0060  WANARP - ok
14:15:15.0536 0x0060  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:15:15.0557 0x0060  Wanarpv6 - ok
14:15:15.0611 0x0060  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
14:15:15.0635 0x0060  WAS - ok
14:15:15.0698 0x0060  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
14:15:15.0729 0x0060  wbengine - ok
14:15:15.0749 0x0060  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
14:15:15.0765 0x0060  WbioSrvc - ok
14:15:15.0776 0x0060  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
14:15:15.0790 0x0060  Wcmsvc - ok
14:15:15.0807 0x0060  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
14:15:15.0822 0x0060  wcncsvc - ok
14:15:15.0837 0x0060  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
14:15:15.0847 0x0060  WcsPlugInService - ok
14:15:15.0876 0x0060  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
14:15:15.0888 0x0060  WdBoot - ok
14:15:15.0911 0x0060  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
14:15:15.0939 0x0060  Wdf01000 - ok
14:15:15.0958 0x0060  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
14:15:15.0976 0x0060  WdFilter - ok
14:15:15.0995 0x0060  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
14:15:16.0019 0x0060  WdiServiceHost - ok
14:15:16.0023 0x0060  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
14:15:16.0037 0x0060  WdiSystemHost - ok
14:15:16.0050 0x0060  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
14:15:16.0080 0x0060  WdNisDrv - ok
14:15:16.0111 0x0060  WdNisSvc - ok
14:15:16.0130 0x0060  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:15:16.0142 0x0060  WebClient - ok
14:15:16.0160 0x0060  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
14:15:16.0173 0x0060  Wecsvc - ok
14:15:16.0188 0x0060  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
14:15:16.0198 0x0060  WEPHOSTSVC - ok
14:15:16.0205 0x0060  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
14:15:16.0228 0x0060  wercplsupport - ok
14:15:16.0244 0x0060  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
14:15:16.0256 0x0060  WerSvc - ok
14:15:16.0287 0x0060  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
14:15:16.0302 0x0060  WFPLWFS - ok
14:15:16.0314 0x0060  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
14:15:16.0325 0x0060  WiaRpc - ok
14:15:16.0345 0x0060  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
14:15:16.0370 0x0060  WIMMount - ok
14:15:16.0371 0x0060  WinDefend - ok
14:15:16.0405 0x0060  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
14:15:16.0425 0x0060  WinHttpAutoProxySvc - ok
14:15:16.0522 0x0060  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:15:16.0546 0x0060  Winmgmt - ok
14:15:16.0650 0x0060  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
14:15:16.0695 0x0060  WinRM - ok
14:15:16.0751 0x0060  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
14:15:16.0790 0x0060  WinUsb - ok
14:15:16.0840 0x0060  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
14:15:16.0874 0x0060  WlanSvc - ok
14:15:16.0947 0x0060  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
14:15:16.0978 0x0060  wlidsvc - ok
14:15:17.0009 0x0060  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
14:15:17.0020 0x0060  WmiAcpi - ok
14:15:17.0044 0x0060  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
14:15:17.0054 0x0060  wmiApSrv - ok
14:15:17.0064 0x0060  WMPNetworkSvc - ok
14:15:17.0072 0x0060  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
14:15:17.0087 0x0060  Wof - ok
14:15:17.0125 0x0060  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
14:15:17.0155 0x0060  workfolderssvc - ok
14:15:17.0170 0x0060  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
14:15:17.0191 0x0060  wpcfltr - ok
14:15:17.0203 0x0060  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
14:15:17.0212 0x0060  WPCSvc - ok
14:15:17.0225 0x0060  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
14:15:17.0234 0x0060  WPDBusEnum - ok
14:15:17.0262 0x0060  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
14:15:17.0300 0x0060  WpdUpFltr - ok
14:15:17.0317 0x0060  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
14:15:17.0348 0x0060  ws2ifsl - ok
14:15:17.0381 0x0060  [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
14:15:17.0393 0x0060  wscsvc - ok
14:15:17.0396 0x0060  WSearch - ok
14:15:17.0500 0x0060  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
14:15:17.0565 0x0060  WSService - ok
14:15:17.0685 0x0060  [ 020F47C655ED1F63BBA834AA53575D5C, 7E36BB83B937CEA8B5D1EAF1DF63D32D64CA8045DA377DF5237D2F4DC16574CC ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
14:15:17.0741 0x0060  wuauserv - ok
14:15:17.0752 0x0060  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
14:15:17.0787 0x0060  WudfPf - ok
14:15:17.0829 0x0060  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
14:15:17.0858 0x0060  WUDFRd - ok
14:15:17.0864 0x0060  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
14:15:17.0880 0x0060  WUDFSensorLP - ok
14:15:17.0906 0x0060  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
14:15:17.0917 0x0060  wudfsvc - ok
14:15:17.0922 0x0060  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
14:15:17.0938 0x0060  WUDFWpdFs - ok
14:15:17.0944 0x0060  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
14:15:17.0960 0x0060  WUDFWpdMtp - ok
14:15:17.0991 0x0060  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
14:15:18.0021 0x0060  WwanSvc - ok
14:15:18.0080 0x0060  [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22          C:\WINDOWS\System32\drivers\xusb22.sys
14:15:18.0141 0x0060  xusb22 - ok
14:15:18.0144 0x0060  ================ Scan global ===============================
14:15:18.0183 0x0060  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
14:15:18.0201 0x0060  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
14:15:18.0221 0x0060  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
14:15:18.0252 0x0060  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
14:15:18.0259 0x0060  [ Global ] - ok
14:15:18.0259 0x0060  ================ Scan MBR ==================================
14:15:18.0270 0x0060  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
14:15:18.0374 0x0060  \Device\Harddisk0\DR0 - ok
14:15:18.0374 0x0060  ================ Scan VBR ==================================
14:15:18.0400 0x0060  [ A9FEB23E7752BD2E020B3C7884C2673D ] \Device\Harddisk0\DR0\Partition1
14:15:18.0439 0x0060  \Device\Harddisk0\DR0\Partition1 - ok
14:15:18.0451 0x0060  [ 0FD768DA065B9C05712FA373E9BA89BF ] \Device\Harddisk0\DR0\Partition2
14:15:18.0485 0x0060  \Device\Harddisk0\DR0\Partition2 - ok
14:15:18.0499 0x0060  [ 301177562C2958491787108707C7E8E1 ] \Device\Harddisk0\DR0\Partition3
14:15:18.0500 0x0060  \Device\Harddisk0\DR0\Partition3 - ok
14:15:18.0512 0x0060  [ 659E499A4B94211FEC492CBB11699FDA ] \Device\Harddisk0\DR0\Partition4
14:15:18.0550 0x0060  \Device\Harddisk0\DR0\Partition4 - ok
14:15:18.0579 0x0060  [ 6600625D0C21EAC5A51579C9C877B209 ] \Device\Harddisk0\DR0\Partition5
14:15:18.0582 0x0060  \Device\Harddisk0\DR0\Partition5 - ok
14:15:18.0595 0x0060  [ EF9AB4B286B4E8B8E1F1705515E62524 ] \Device\Harddisk0\DR0\Partition6
14:15:18.0598 0x0060  \Device\Harddisk0\DR0\Partition6 - ok
14:15:18.0598 0x0060  ================ Scan generic autorun ======================
14:15:18.0627 0x0060  [ 49BD5663071AA799AC0B1E6B48EB9257, 39364B7E08C87545B4E48264509D73800FE5B0A76E34E0B169DA489895820B22 ] C:\Program Files\IDT\WDM\beats64.exe
14:15:18.0647 0x0060  BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
14:15:21.0018 0x0060  Detect skipped due to KSN trusted
14:15:21.0018 0x0060  BeatsOSDApp - ok
14:15:21.0064 0x0060  [ 94BFCE236D6340011721470E394056E3, 42A7808F6C53C268354E9E47F0689FE2B4717F61E97CBAA0ABF33E0275B908EF ] C:\Program Files\IDT\WDM\sttray64.exe
14:15:21.0090 0x0060  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
14:15:23.0421 0x0060  Detect skipped due to KSN trusted
14:15:23.0421 0x0060  SysTrayApp - ok
14:15:23.0472 0x0060  [ 1BF113E377E570DB915EE7D228E594D6, FF4D198D412CA21C49E0A3E6FE52EAD69786B305429095B5BD25CB4FAFD33B51 ] C:\Program Files\iTunes\iTunesHelper.exe
14:15:23.0486 0x0060  iTunesHelper - ok
14:15:23.0546 0x0060  [ BC293F3C9621D40E1924A5715417F77C, 3EB1B0040566CE0DBA3FC65C5005B0F1E79BE9AB39CAD1398A45AAC3AB7AD733 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
14:15:23.0587 0x0060  NvBackend - ok
14:15:23.0595 0x0060  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\WINDOWS\system32\rundll32.exe
14:15:23.0636 0x0060  ShadowPlay - ok
14:15:23.0671 0x0060  [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
14:15:23.0677 0x0060  CLMLServer_For_P2G8 - ok
14:15:23.0702 0x0060  [ B35B97FC934A9A7D02232094128CD636, 08F9E36F7DB86325986712210DF1B235DAC4F76FB599D2756E863A9FAFEBD57B ] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
14:15:23.0712 0x0060  CLVirtualDrive - ok
14:15:23.0740 0x0060  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
14:15:23.0757 0x0060  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
14:15:24.0567 0x0698  Object required for P2P: [ 6FEB9E059772EE875E3F63F39B9AB789 ] nvsvc
14:15:26.0091 0x0060  Detect skipped due to KSN trusted
14:15:26.0091 0x0060  amd_dc_opt - ok
14:15:26.0271 0x0060  [ 82B7AE85A3C197514055DA16D658D8C1, 6FB05B89FBD5FA39F86B7A260CF2C6A692F01FAF79828B18B00735D5A59BC81B ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
14:15:26.0381 0x0060  AvastUI.exe - ok
14:15:26.0429 0x0060  [ B69ED65E4A0C09EA7B52E745010156C7, A328D69F81D05F550FB3521296B7E2E03079D69256E316411E0E5D116872C7E0 ] C:\Program Files\PowerISO\PWRISOVM.EXE
14:15:26.0438 0x0060  PWRISOVM.EXE - ok
14:15:26.0466 0x0060  [ C9B67BCB8E384064A8C2263740B0C437, F2609406A84F3A8E256DD250F84A774EF43F92C9F8B373E297A99ACF95B3CCE4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:15:26.0478 0x0060  SunJavaUpdateSched - ok
14:15:26.0479 0x0060  PCKeeperLive - ok
14:15:26.0480 0x0060  PCKeeper Antivirus - ok
14:15:26.0481 0x0060  Waiting for KSN requests completion. In queue: 218
14:15:27.0012 0x0698  Object send P2P result: true
14:15:27.0012 0x0698  Object required for P2P: [ EABD6FC38504B46913E2B1B739DAD185 ] Origin Client Service
14:15:27.0481 0x0060  Waiting for KSN requests completion. In queue: 215
14:15:28.0481 0x0060  Waiting for KSN requests completion. In queue: 210
14:15:28.0820 0x0f28  Object required for P2P: [ 82B7AE85A3C197514055DA16D658D8C1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
14:15:29.0451 0x0698  Object send P2P result: true
14:15:29.0482 0x0060  Waiting for KSN requests completion. In queue: 3
14:15:30.0482 0x0060  Waiting for KSN requests completion. In queue: 3
14:15:31.0287 0x0f28  Object send P2P result: true
14:15:31.0500 0x0060  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
14:15:31.0507 0x0060  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
14:15:31.0510 0x0060  Win FW state via NFP2: enabled ( trusted )
14:15:33.0886 0x0060  ============================================================
14:15:33.0886 0x0060  Scan finished
14:15:33.0886 0x0060  ============================================================
14:15:33.0897 0x1450  Detected object count: 1
14:15:33.0897 0x1450  Actual detected object count: 1
14:16:18.0662 0x1450  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:18.0662 0x1450  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:16:29.0476 0x184c  Deinitialize success
         

07.04.2016, 15:12   #5
M-K-D-B
/// TB trainer

Hi,




Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).






Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 3

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST now creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.






With your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the JRT log file,
  • the two new FRST log files.


08.04.2016, 12:36   #6
ertanal



Code:
# AdwCleaner v5.109 - Bericht erstellt am 08/04/2016 um 12:51:24
# Aktualisiert am 04/04/2016 von Xplode
# Datenbank : 2016-04-07.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : optik - TWINZ
# Gestartet von : C:\Users\optik\Desktop\AdwCleaner_5.109.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner gelöscht : C:\Users\optik\AppData\Local\Essentware
[-] Ordner gelöscht : C:\Users\optik\AppData\Roaming\Video downloader
[-] Ordner gelöscht : C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\anttoolbar@ant.com

***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\searchplugins\yahoo-lavasoft.xml
[-] Datei gelöscht : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] Datei gelöscht : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] Datei gelöscht : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] Datei gelöscht : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}
[-] Schlüssel gelöscht : HKCU\Software\Essentware
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Essentware
[-] Wert gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper Antivirus]
[#] Wert gelöscht : HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper Antivirus]
[-] Wert gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeperLive]
[#] Wert gelöscht : HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeperLive]
[-] Wert gelöscht : HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]

***** [ Internetbrowser ] *****


*************************

:: "Tracing" schlüssel löschen
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [522 Bytes] - [08/04/2016 12:49:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [3718 Bytes] - [08/04/2016 12:51:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [3781 Bytes] - [08/04/2016 12:48:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [3754 Bytes] - [08/04/2016 12:50:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3937 Bytes] ##########
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 08.04.2016
Suchlaufzeit: 13:00
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.08.02
Rootkit-Datenbank: v2016.04.03.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: optik

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 392658
Abgelaufene Zeit: 19 Min., 55 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 21
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32, In Quarantäne, [02607c30c8d15dd9d1cad0606d97de22], 
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS, In Quarantäne, [550d7a32eaaf86b0a7f4db55eb197987], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 6
PUP.Optional.PCKeeper, C:\Users\optik\AppData\Local\Temp\8eba-fb04-a585-0b6c.exe, In Quarantäne, [6ef4efbde2b781b51f5782cf7293b44c], 
PUP.Optional.OpenCandy, C:\Users\optik\AppData\Local\Temp\HYD9D14.tmp.1456087708\HTA\install.1456087708.zip, In Quarantäne, [66fcac004851bf77d5812df1d233de22], 
PUP.Optional.OpenCandy, C:\Users\optik\AppData\Local\Temp\HYD9D14.tmp.1456087708\HTA\3rdparty\OCComSDK.dll, In Quarantäne, [f56deac28f0ae4523620e836af56e719], 
PUP.Optional.OpenCandy, C:\Users\optik\AppData\Local\Temp\HYD9D14.tmp.1456087708\HTA\3rdparty\OCSetupHlp.dll, In Quarantäne, [9ec45458485159dd657658ec50b512ee], 
PUP.Optional.OpenCandy, C:\Users\optik\AppData\Local\Temp\HYDE59E.tmp.1456085891\HTA\install.1456085891.zip, In Quarantäne, [f171119b1e7b8aac99bd57c7eb1a619f], 
PUP.Optional.OpenCandy, C:\Users\optik\AppData\Local\Temp\HYDE59E.tmp.1456085891\HTA\3rdparty\OCComSDK.dll, In Quarantäne, [59097d2f1287fe386bebb7678d78e61a], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64 
Ran by optik (Administrator) on 08.04.2016 at 13:28:48,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4 

Successfully deleted: C:\Users\optik\AppData\Local\{0D9576BD-05DB-4AE8-8A35-D8B9363B5800} (Empty Folder)
Successfully deleted: C:\Users\optik\AppData\Local\{BAFDF0A4-FCCD-4F26-84A4-F5071DAD9279} (Empty Folder)
Successfully deleted: C:\Users\optik\AppData\Local\{DE32C0A7-C6E2-4BBD-8174-D5C620898754} (Empty Folder)
Successfully deleted: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\anttoolbar@ant.com (Folder) 



Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.04.2016 at 13:31:40,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von optik (Administrator) auf TWINZ (08-04-2016 13:34:12)
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(W. Rolke) C:\Users\optik\Desktop\GpuTmp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: G - "G:\setup.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: H - "H:\AutoRun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: I - "I:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: J - "J:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: K - "K:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: L - "L:\hod3launch.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: M - "M:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: N - "N:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: O - "O:\Setup.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: P - "P:\FileRgn.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: T - "T:\CojLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: U - "U:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: V - "V:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: W - "W:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: X - "X:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: {0b1c8cbf-93a0-11e5-bec1-b4b52fc7a0fe} - "G:\install.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-07] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{8FDBB051-95BF-412F-933F-373BC2F0A315}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF2A7DDF-191F-4DBA-9518-9620668B1B1F}: [NameServer] 62.109.121.1 62.109.121.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM -> {8218E8BC-E228-4079-8CE7-6EA6CCCEA191} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07] (AVAST Software)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895
FF NewTab: google.com
FF SelectedSearchEngine: Yahoo®
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2461873215-4186745203-1289361242-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\optik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-17] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\searchplugins\yahoo-ysp.xml [2015-11-27]
FF Extension: WOT - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-11]
FF Extension: MakeGIF Video Capture - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\makegifvideocapture@makegif.com.xpi [2015-12-09]
FF Extension: Greasemonkey - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-01-05]
FF Extension: Adblock Plus - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-07]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-07] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-25] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47160 2015-11-25] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [Datei ist nicht signiert]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 PDNMp50; C:\WINDOWS\SysWOW64\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\WINDOWS\SysWOW64\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R2 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-03-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Datei ist nicht signiert]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [Datei ist nicht signiert]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-08 13:31 - 2016-04-08 13:31 - 00001143 _____ C:\Users\optik\Desktop\JRT.txt
2016-04-08 13:27 - 2016-04-08 13:27 - 01610352 _____ (Malwarebytes) C:\Users\optik\Desktop\JRT.exe
2016-04-08 13:26 - 2016-04-08 13:26 - 00005105 _____ C:\Users\optik\Desktop\mbam.txt
2016-04-08 12:45 - 2016-04-08 12:51 - 00000000 ____D C:\AdwCleaner
2016-04-08 12:45 - 2016-04-08 12:45 - 03119168 _____ C:\Users\optik\Desktop\AdwCleaner_5.109.exe
2016-04-07 16:16 - 2016-04-07 16:16 - 00001820 _____ C:\Users\optik\Desktop\DMC3SE.exe - Verknüpfung.lnk
2016-04-07 16:11 - 2016-04-07 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2016-04-07 16:09 - 2016-04-07 16:09 - 00000000 ____D C:\Program Files (x86)\CAPCOM
2016-04-07 14:48 - 2016-04-07 14:48 - 00000860 _____ C:\Users\optik\AppData\Local\recently-used.xbel
2016-04-07 14:12 - 2016-04-07 14:16 - 00230270 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_14.12.39_log.txt
2016-04-07 14:12 - 2016-04-07 14:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\optik\Desktop\tdsskiller.exe
2016-04-07 14:09 - 2016-04-07 14:09 - 00049336 _____ C:\Users\optik\Desktop\Addition.txt
2016-04-07 14:08 - 2016-04-08 13:34 - 00019764 _____ C:\Users\optik\Desktop\FRST.txt
2016-04-07 14:08 - 2016-04-08 13:34 - 00000000 ____D C:\FRST
2016-04-07 14:07 - 2016-04-07 14:07 - 02374144 _____ (Farbar) C:\Users\optik\Desktop\FRST64.exe
2016-04-06 21:36 - 2016-04-07 16:04 - 00000000 ____D C:\Users\optik\Downloads\DMC3 SE
2016-04-06 16:09 - 2016-04-06 16:14 - 00000000 ____D C:\Program Files (x86)\SecureVPN.com
2016-04-06 16:09 - 2016-04-06 16:09 - 00000000 ____D C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\MyHomepage
2016-03-28 21:55 - 2016-03-28 21:55 - 00000000 ____D C:\NVIDIA
2016-03-28 19:49 - 2016-03-28 19:49 - 00001272 _____ C:\Users\optik\Desktop\Starsky.exe - Verknüpfung.lnk
2016-03-28 19:46 - 2016-03-28 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
2016-03-28 19:44 - 2016-03-28 19:44 - 00000000 ____D C:\Program Files (x86)\Empire Interactive
2016-03-28 18:51 - 2016-03-28 19:19 - 00000000 ____D C:\Users\optik\Downloads\STARSKY AND HUTCH-DEViANCE
2016-03-26 15:59 - 2016-03-26 15:59 - 00001792 _____ C:\Users\optik\Desktop\Condemned.exe - Verknüpfung.lnk
2016-03-26 12:10 - 2016-03-26 15:06 - 00000000 ____D C:\Users\optik\Downloads\CONDEMNED
2016-03-25 16:37 - 2016-03-25 22:30 - 00000000 ____D C:\Users\optik\Downloads\Call of Juarez 1
2016-03-25 13:32 - 2003-04-19 01:32 - 00004736 _____ C:\WINDOWS\SysWOW64\Drivers\tandpl.sys
2016-03-25 13:32 - 2003-03-02 18:44 - 00007552 _____ C:\WINDOWS\SysWOW64\Drivers\enodpl.sys
2016-03-23 22:40 - 2016-04-06 16:09 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 22:40 - 2016-03-23 22:40 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-23 22:40 - 2016-03-23 22:40 - 00003064 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458765619
2016-03-09 15:52 - 2016-02-20 17:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 15:52 - 2016-02-20 17:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-09 15:52 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-09 15:52 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-09 15:52 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-09 15:52 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-09 15:52 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 15:52 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-09 15:52 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 15:52 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-09 15:52 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-09 15:52 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-09 15:52 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-09 15:52 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 15:52 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-09 15:52 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 15:52 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-09 15:52 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-09 15:52 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-09 15:52 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-09 15:52 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-09 15:52 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 15:52 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-09 15:52 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-09 15:52 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-09 15:52 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-09 15:52 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-09 15:52 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-09 15:52 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-09 15:52 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-09 15:52 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 15:52 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-09 15:52 - 2016-02-08 19:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-09 15:52 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-09 15:52 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-09 15:52 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-09 15:52 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-09 15:52 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-09 15:52 - 2016-02-05 21:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-09 15:52 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 15:52 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 15:52 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-09 15:52 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-09 15:52 - 2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 15:52 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 15:52 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 15:52 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 15:52 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 15:52 - 2016-01-24 20:19 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-09 15:52 - 2016-01-24 20:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-09 15:52 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-09 15:52 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-09 15:52 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-09 15:52 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-09 15:52 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-09 15:52 - 2016-01-09 03:38 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-09 15:52 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-09 15:52 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-09 15:52 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-09 15:52 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-09 15:52 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-09 15:51 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-09 15:51 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 15:51 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-09 15:51 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-09 15:51 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-09 15:51 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-09 15:51 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-09 15:51 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-09 15:51 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-09 15:51 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-09 15:51 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-09 15:51 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-09 15:51 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 15:51 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 15:51 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 15:51 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 15:51 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 15:51 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-09 15:51 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 15:51 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 15:51 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 15:51 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 15:51 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 15:51 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 15:51 - 2016-01-31 21:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 15:51 - 2016-01-15 18:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-09 15:51 - 2016-01-15 18:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-09 15:51 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-09 15:51 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-09 15:51 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-09 15:51 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-03-09 15:51 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-09 15:51 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-09 15:51 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-09 15:51 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-09 15:51 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-08 13:28 - 2014-04-09 20:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2461873215-4186745203-1289361242-1001
2016-04-08 13:23 - 2015-08-01 21:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 13:22 - 2014-11-19 23:49 - 00000000 ___RD C:\Users\optik\OneDrive
2016-04-08 13:22 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-08 13:21 - 2014-10-27 15:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-08 13:21 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-08 13:16 - 2014-04-22 19:01 - 00000000 ____D C:\Users\optik\Downloads\Ant Videos
2016-04-08 12:58 - 2015-08-01 21:38 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-08 12:58 - 2015-08-01 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-08 12:58 - 2015-08-01 21:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-08 12:54 - 2014-06-12 13:29 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-08 12:54 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-08 12:50 - 2016-03-05 13:56 - 00000000 ____D C:\Users\optik\AppData\Local\CrashDumps
2016-04-08 12:49 - 2015-11-25 17:44 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-04-08 12:44 - 2014-11-04 22:52 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09DED0F7-12EB-4DA8-8F2B-74E93CB86259}
2016-04-07 21:53 - 2014-04-09 21:25 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-07 20:53 - 2014-04-09 21:25 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-07 16:09 - 2012-11-26 19:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-07 16:06 - 2015-11-27 16:35 - 00000000 ____D C:\JDownloader v2.0
2016-04-07 15:52 - 2014-04-09 21:03 - 00000000 ____D C:\ProgramData\Origin
2016-04-07 14:57 - 2015-06-18 15:32 - 00000000 ____D C:\Users\optik\.gimp-2.8
2016-04-07 09:37 - 2015-02-20 23:35 - 00000000 ____D C:\Users\optik\Desktop\Neuer Ordner (2)
2016-04-06 16:09 - 2014-10-27 15:47 - 00001614 _____ C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-06 16:09 - 2014-04-09 21:13 - 00001282 _____ C:\Users\optik\Desktop\Mozilla Firefox.lnk
2016-04-06 16:09 - 2014-04-09 20:25 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-04 15:10 - 2014-09-24 08:17 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-04 15:10 - 2014-09-24 07:43 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-04 15:10 - 2014-09-24 07:43 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-03 21:51 - 2013-08-22 16:44 - 00351464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-29 21:14 - 2014-04-09 21:03 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-29 18:55 - 2015-12-19 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-29 18:55 - 2015-12-19 13:39 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-03-28 22:17 - 2016-01-10 01:37 - 00000000 ____D C:\Users\optik\AppData\Local\Midway
2016-03-28 22:17 - 2016-01-10 01:29 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-03-28 22:14 - 2014-04-09 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-28 21:54 - 2015-11-25 20:43 - 00011973 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2016-03-28 13:36 - 2015-12-21 16:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-28 13:36 - 2015-12-21 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-28 13:36 - 2015-12-21 16:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-28 13:36 - 2015-11-27 15:20 - 00000000 ____D C:\Users\optik\.oracle_jre_usage
2016-03-28 13:36 - 2014-04-15 12:20 - 00000000 ____D C:\ProgramData\Oracle
2016-03-26 15:56 - 2015-11-27 22:22 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2016-03-26 15:53 - 2015-12-30 13:41 - 00000000 ____D C:\Program Files (x86)\SEGA
2016-03-26 15:53 - 2015-12-04 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-03-25 17:16 - 2014-04-12 12:48 - 00000000 ____D C:\Users\optik\Documents\EA Games
2016-03-25 16:39 - 2014-04-09 21:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-03-24 21:38 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 21:37 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-24 21:37 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-03-23 22:40 - 2014-06-12 13:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 22:40 - 2014-06-12 13:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-20 16:12 - 2015-03-27 14:22 - 01426411 ____N C:\Users\optik\AppData\Local\Tempmusic.ogg
2016-03-13 14:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-11 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-10 14:09 - 2015-08-01 21:38 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-08-01 21:38 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-08-01 21:38 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-09 23:12 - 2014-12-13 22:55 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-09 23:11 - 2014-04-10 12:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 23:06 - 2014-04-10 12:06 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 19:43 - 2014-06-12 13:29 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-03-09 19:43 - 2014-06-12 13:29 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-03-09 15:53 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 15:50 - 2015-12-09 16:46 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-03-09 15:50 - 2015-12-09 16:46 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-11 02:46 - 2012-03-11 02:46 - 0101888 _____ (W. Rolke) C:\Program Files (x86)\GpuTmp64.exe
2010-11-11 16:34 - 2014-12-10 16:29 - 0201728 _____ (Freebyte.com) C:\Program Files (x86)\hjsplit.exe
2007-04-27 11:06 - 2014-10-27 01:23 - 0148416 _____ (Macrovision Corporation) C:\Program Files (x86)\_setup.dll
2015-05-17 18:39 - 2015-05-17 18:39 - 0000122 _____ () C:\Users\optik\AppData\Roaming\profiles.ini
2015-11-25 20:00 - 2015-11-25 20:00 - 0000026 _____ () C:\Users\optik\AppData\Local\isoworkshop.ini
2016-04-07 14:48 - 2016-04-07 14:48 - 0000860 _____ () C:\Users\optik\AppData\Local\recently-used.xbel
2015-03-27 14:22 - 2016-03-20 16:12 - 1426411 ____N () C:\Users\optik\AppData\Local\Tempmusic.ogg
2014-04-09 19:57 - 2014-04-09 19:57 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\optik\nolf.reg
C:\Users\optik\nolfcmds.bat


Einige Dateien in TEMP:
====================
C:\Users\optik\AppData\Local\Temp\6d3f-870c-885d-906d.exe
C:\Users\optik\AppData\Local\Temp\a5b2-37c7-c907-05d7.exe
C:\Users\optik\AppData\Local\Temp\CojLauncher.exe
C:\Users\optik\AppData\Local\Temp\cres.dll
C:\Users\optik\AppData\Local\Temp\cshell.dll
C:\Users\optik\AppData\Local\Temp\drm_dialogs.dll
C:\Users\optik\AppData\Local\Temp\drm_dyndata_7320012.dll
C:\Users\optik\AppData\Local\Temp\e59f-0f81-b215-2a27.exe
C:\Users\optik\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\optik\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\optik\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\optik\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\optik\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\optik\AppData\Local\Temp\nvStInst.exe
C:\Users\optik\AppData\Local\Temp\proxy_vole1290298896546737358.dll
C:\Users\optik\AppData\Local\Temp\proxy_vole5041813566816123935.dll
C:\Users\optik\AppData\Local\Temp\proxy_vole794316270744441105.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-04 16:43

==================== Ende von FRST.txt ============================

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von optik (2016-04-08 13:34:44)
Gestartet von C:\Users\optik\Desktop
Windows 8.1 (X64) (2014-10-27 13:45:24)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2461873215-4186745203-1289361242-500 - Administrator - Disabled)
Gast (S-1-5-21-2461873215-4186745203-1289361242-501 - Limited - Disabled)
optik (S-1-5-21-2461873215-4186745203-1289361242-1001 - Administrator - Enabled) => C:\Users\optik
UpdatusUser (S-1-5-21-2461873215-4186745203-1289361242-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Alice-Installationsdateien entfernen (HKLM-x32\...\Alice) (Version:  - )
Among the Sleep Demo (HKLM-x32\...\Steam App 285540) (Version:  - Krillbite Studio)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version:  - Rockstar New England)
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
Condemned - Criminal Origins (HKLM-x32\...\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}) (Version: 1.00.0000 - Monolith Productions)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Devil May Cry 3 Special Edition (HKLM-x32\...\{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}) (Version: 1.00.000 - CAPCOM)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
FIFA 13 Demo (HKLM-x32\...\{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 14 Demo (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 16 DEMO (HKLM-x32\...\{D09AD1AE-6AAC-45EB-B9F6-C1F223DD8481}) (Version: 1.0.0.0 - Electronic Arts)
Free MP4 Video Converter version 5.0.37.327 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.74.5237 - Gretech Corporation)
GpuTemp (HKLM\...\{0FFA85AB-D704-48A6-A009-25A0559152C3}) (Version: 2.1 - WR-Tools)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Instagiffer version 1.60 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.60 - Justin Todd)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 10.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Starsky & Hutch (HKLM-x32\...\Starsky & Hutch) (Version:  - Empire Interactive)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Terrordrome_Final (HKLM-x32\...\{1EE65D14-6927-405F-A640-43ECBC9AB85C}) (Version: 2.9.5 - HuracanStudio)
Terrordrome_Final V2.9.5 (HKLM-x32\...\Terrordrome_Final V2.9.5) (Version: V2.9.5 - HuracanStudio)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
THE HOUSE OF THE DEAD 3 (HKLM-x32\...\{B418F434-15CD-4B68-A022-CFE0DB92A6F9}) (Version: 1.00.000 - SEGA)
The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - )
Unity Web Player (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {11101A89-1E47-4D88-B319-328F5B1A0EEF} - System32\Tasks\{3230BA38-CCC2-4A93-9FD2-92B9670F4E22} => pcalua.exe -a "M:\program files\Ubi Soft\Rayman3\Rayman3.exe" -d "M:\program files\Ubi Soft\Rayman3"
Task: {14622FD5-343E-43E2-AA67-CAA028E8E313} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {26F2EE89-E087-47CE-A9AC-3023522ED98B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {360FFC44-3B45-4D93-B6F3-069214AC3615} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {5F798CC9-464A-4C9A-AE0E-D1DDBF1E34E0} - System32\Tasks\SafeZone scheduled Autoupdate 1458765619 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {6A99E002-2095-4572-8F7D-0E9D1C8581A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {7000C388-1262-45F4-BF21-DDD9ADEDD3AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {73D44319-609F-4B3D-9B59-4B0F827AE841} - System32\Tasks\{270AD66E-5129-497E-BF0E-0E54870BE3AC} => pcalua.exe -a I:\Launch.exe -d I:\
Task: {8435C395-5D8F-49F4-A3F4-4BC9A83B33E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {992F4E7E-40ED-4F55-8304-65739920FCAF} - System32\Tasks\{B2A04B98-690D-4969-A68A-9A333E4D9779} => pcalua.exe -a M:\FileRgn.exe -d M:\
Task: {9C207940-0D1F-40E8-AE96-65490CA4E91C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {B61EF85C-8A42-40B7-B42D-011B9004FF18} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-07] (AVAST Software)
Task: {E15AC269-07EE-4C45-A79C-6A5F98F7860D} - System32\Tasks\{98ED1F75-53E1-4B7D-BE55-5479F6B65597} => pcalua.exe -a G:\DirectX\DX80en.exe -d G:\DirectX
Task: {F29078D9-C8A1-4E6C-8747-40828071D39D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {FF647FFB-7AE5-42EB-A2EC-2DD5A917A951} - System32\Tasks\{A1484182-16D1-4CEB-ADA0-E15D9B3BA8A6} => pcalua.exe -a "M:\program files\Ubi Soft\Rayman3\DirectX\dxsetup.exe" -d "M:\program files\Ubi Soft\Rayman3\DirectX"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\optik\Desktop\Terrordrome\Terrordrome Online.lnk -> C:\Program Files (x86)\HuracanStudio\Terrordrome_Final\launcher.bat ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxBatch.lnk -> C:\Program Files (x86)\Max Payne\MaxBatch.bat (Keine Datei)

ShortcutWithArgument: C:\Users\optik\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-02 23:07 - 2016-02-17 08:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-02 22:26 - 2016-02-17 08:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 23:07 - 2016-02-17 08:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-27 16:11 - 2014-10-27 16:11 - 00120224 _____ () C:\Users\optik\AppData\Local\assembly\dl3\4K796MHC.KKM\9BQW35LW.Q7P\98a9c14b\0017145d_cd85cd01\HPItunesModule.DLL
2016-02-07 23:05 - 2016-02-07 23:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-08 12:54 - 2016-04-08 12:54 - 02875392 _____ () C:\Program Files\AVAST Software\Avast\defs\16040800\algo.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-04 16:13 - 2015-12-04 16:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-26 19:05 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 62.109.121.1 - 62.109.121.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1290F6E6-8A57-4451-BCC6-24FFC78A06AA}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{EA2FE541-DC25-4B04-A2EE-18A47391A251}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{DCC6B67A-69E0-447A-AF40-059D9DC9F1DB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{4AA3DA39-96E4-47D0-ACC5-CCB39770F83C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{22C48B7E-FC1D-4CBD-8655-843BEF3FE8CE}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [TCP Query User{29D859C4-9CEC-4EF4-9C1C-445AA912950F}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{E0C52C12-0B7D-4D13-8B4B-5D95F6D1D7AA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{23C45605-B5E2-47BE-9749-9040E171EBBA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{B00B1C5A-DDEB-4DEC-BB60-A04BF87F1B72}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21686015-0057-491B-A66F-5E0553F736AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17A17685-47A0-44A1-A380-7DAD7EF24B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{60A61EFA-3CD6-40A5-9884-D4D71E5352E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{5DBEEF1B-0E0E-4F73-8C82-ED9DFF228538}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{A50DB810-DADB-406B-87FD-77C9EB03D6EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{C551166D-F754-4F4F-93DA-E861C2316BAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{04A8AD80-1190-4C5B-A31A-2976739D2A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{50414D68-36B5-43AC-AFA9-5FDBACCE44FD}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{513E52D3-344D-4D06-BB3B-F5FCB898E342}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{F23E50E8-86F1-4BF6-BE53-FA6261FF969B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{06190683-94A7-462C-BF33-D8DE9DC73EF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{B8C67915-FB09-461D-8B0F-15100BFE3F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FB048A7-2D57-4DEC-BEF4-2DE7CE153CF3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19AC9963-0DC4-4BEB-89CC-6FB224855B5B}] => (Allow) LPort=1900
FirewallRules: [{983C26A4-90CE-410F-A263-AF7EABCB1DDF}] => (Allow) LPort=2869
FirewallRules: [{08BAF4BB-DCF6-40DB-9D02-087D68AFD9AD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7BD47BC4-620E-4102-BDFE-DAA8CC2A555C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E664925A-B83A-4530-AF72-7D1F0C0C86FD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{1E1D9492-6244-4E47-AD58-427636C1C737}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{FB64C4F3-7FAF-4A54-BCF1-97B1449BA50C}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{CF791C29-ABDE-49EE-8553-A641960F5725}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B2D8C3C5-41BF-472E-895E-6325AF6172A9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{4974F657-632B-4F17-8A30-71778DA2F2E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6542C786-4B80-4CBA-A5D4-1EAFC15B26E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FFE1247B-468B-4247-A102-7D40160DA777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C739E9C-9BED-468A-A397-73B5B40D9067}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CFD6A1A-6EA0-4B8E-9F0C-D376CE31378F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{9A55A05A-E229-4A83-AF7C-D6FC783C3A08}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{52C3CB11-4EFF-4109-B303-3AC95DDB4831}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{B4863902-1E2A-4702-B24F-1A637AE58BAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{B85DF138-37D2-442B-A5FF-6F8E2A479346}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{38A5CF0A-38C0-49EA-9E13-B65F17FF964F}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{91223428-1506-4680-B804-8DBBFA875CAF}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [{A9DDB4AB-32D0-45E3-9D90-47B29DC1F0A8}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [TCP Query User{36457055-BC5F-43FD-B562-2CF06564AC71}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{100CAA9B-2EAB-4E0B-938E-14F1DA41E817}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F5BB8811-A98A-4CEF-87D5-B0250828F215}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [{003784FA-4A0A-4779-9248-A38655C9730C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [TCP Query User{8B186FAC-BB5F-4B2D-81FE-C1558F2FA1AF}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{A64728E4-E298-4A2C-B945-EC29AB0B58D5}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{46207933-00AB-463D-B4A7-B10D08837DD8}] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{F8736320-B6F0-4BF5-9E3C-C8F7E679CBA3}] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{8D5481CE-EE10-4747-B921-C368EBDD2777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B05BDEE0-7A75-4509-8911-FBECC2C24434}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{038E4D1C-17EA-446B-9C4B-C69237CA0609}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAEBDD80-B578-4BB0-81CE-AA545862C77C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC6D894A-AEDA-497A-96BD-BA15CDC22307}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F283914-F546-4431-8D37-3CE795AC9C90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F59184D2-18AF-4EE7-AD3E-5D5BB386132E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7A7E3250-7CE2-4D0C-807C-D8A8A4A33C8D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{9B84C064-4647-49C0-90C6-B0CEDAC6CA6D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{8013752C-CAD4-4EFE-8FBD-F6B7721D9F22}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{2064C4D6-D831-40BC-8F90-11B996E55A52}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{C9CC3AD6-3E69-49DE-A937-3D2844D9596D}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{38FA607D-DDD1-460E-9986-7A9370261D48}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{6B2C2D10-9193-4B3C-BA95-7F942769A3B2}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{28FCCF12-A04E-4261-88B0-BEC1EF35CB1A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{40E84F7A-0A97-47C1-B848-0D4150E8187A}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{95B23D7F-EE20-44CD-BD4C-620AA592AA59}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{17C7600B-65F7-43E5-B78B-7C1122BDC3F2}C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe] => (Block) C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [UDP Query User{7775C65B-4FB4-45DF-82CE-4F5CB9A8D78E}C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe] => (Block) C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [{0407102A-1BC4-4D91-BD98-5364288E55BC}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{B47A9204-F8AD-4FC9-B1C8-B0A1C5BB974E}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [TCP Query User{AF13D986-5B2A-48C4-A589-52A151B48795}C:\users\optik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\optik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{144A41F0-BEDE-43D3-B22D-7DA0FC76A1C2}C:\users\optik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\optik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{368B9B7B-7E93-47F4-9100-6077A466208C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{13DFC5D0-95B9-4D53-A0A3-A5EDBECFE04B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{64932311-4BF2-43B9-BD25-0CB444FBB116}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7A345391-194B-4F81-ACFB-86D529C35A56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{350C7948-1B54-4F41-B6B4-B34912607CA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A5C9B7B9-B48A-4624-B34A-9F50A479C9CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0517F2F9-7F3C-4751-99A4-90E0A67B4257}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{927DAF2A-CB4F-4EC7-8D54-164C277A942C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{16B88443-D214-4C3A-9641-F2DCD37CEFC8}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{24E109B0-0F72-4B2C-9F5C-EC68E3A39CDB}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{EB293D36-F626-42F7-B431-FCEBA88D5F19}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [TCP Query User{9BA5FE86-62C8-40E8-8FEB-4F87914E9474}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe] => (Allow) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [UDP Query User{CE3F6B29-4085-4DFA-8573-8D6901EB4841}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe] => (Allow) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{B6B84738-EDAE-4482-B8F7-D1B437D8A541}] => (Block) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{958186E6-E93A-4551-BEE0-9AA147650025}] => (Block) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{8FC58791-B37F-4776-9230-664BEC7F3B0C}] => (Allow) LPort=53000
FirewallRules: [{2BA51381-3BF5-4DDF-8AE6-2986FCD62799}] => (Allow) LPort=52000

==================== Wiederherstellungspunkte =========================

17-03-2016 19:08:01 Geplanter Prüfpunkt
24-03-2016 21:36:32 Windows Update
25-03-2016 22:32:19 Installed Call of Juarez
28-03-2016 21:50:31 Installiert Splinter Cell Pandora Tomorrow
06-04-2016 16:11:43 Removed PCKeeper
08-04-2016 13:29:25 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/08/2016 12:49:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AdwCleaner_5.109.exe, Version: 5.1.0.9, Zeitstempel: 0x5702c144
Name des fehlerhaften Moduls: AdwCleaner_5.109.exe, Version: 5.1.0.9, Zeitstempel: 0x5702c144
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020fea
ID des fehlerhaften Prozesses: 0x12c8
Startzeit der fehlerhaften Anwendung: 0xAdwCleaner_5.109.exe0
Pfad der fehlerhaften Anwendung: AdwCleaner_5.109.exe1
Pfad des fehlerhaften Moduls: AdwCleaner_5.109.exe2
Berichtskennung: AdwCleaner_5.109.exe3
Vollständiger Name des fehlerhaften Pakets: AdwCleaner_5.109.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AdwCleaner_5.109.exe5

Error: (04/07/2016 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DMC3SE.exe, Version: 1.3.0.0, Zeitstempel: 0x45dd7346
Name des fehlerhaften Moduls: DMC3SE.exe, Version: 1.3.0.0, Zeitstempel: 0x45dd7346
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00239894
ID des fehlerhaften Prozesses: 0xd38
Startzeit der fehlerhaften Anwendung: 0xDMC3SE.exe0
Pfad der fehlerhaften Anwendung: DMC3SE.exe1
Pfad des fehlerhaften Moduls: DMC3SE.exe2
Berichtskennung: DMC3SE.exe3
Vollständiger Name des fehlerhaften Pakets: DMC3SE.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DMC3SE.exe5

Error: (04/07/2016 04:16:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DMC3SE.exe, Version 1.3.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 18d0

Startzeit: 01d190d81da938af

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\CAPCOM\Devil May Cry 3 Special Edition\DMC3SE.exe

Berichts-ID: 602c0247-fccb-11e5-bee9-b4b52fc7a0fe

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/07/2016 04:16:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DMC3SE.exe, Version 1.3.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a1c

Startzeit: 01d190d7d8a7f560

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\CAPCOM\Devil May Cry 3 Special Edition\DMC3SE.exe

Berichts-ID: 417a2ae5-fccb-11e5-bee9-b4b52fc7a0fe

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/07/2016 04:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dmc3se.exe, Version: 1.3.0.0, Zeitstempel: 0x45dd7346
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x5f0
Startzeit der fehlerhaften Anwendung: 0xdmc3se.exe0
Pfad der fehlerhaften Anwendung: dmc3se.exe1
Pfad des fehlerhaften Moduls: dmc3se.exe2
Berichtskennung: dmc3se.exe3
Vollständiger Name des fehlerhaften Pakets: dmc3se.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dmc3se.exe5

Error: (04/07/2016 04:14:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dmc3se.exe, Version: 1.3.0.0, Zeitstempel: 0x45dd7346
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1594
Startzeit der fehlerhaften Anwendung: 0xdmc3se.exe0
Pfad der fehlerhaften Anwendung: dmc3se.exe1
Pfad des fehlerhaften Moduls: dmc3se.exe2
Berichtskennung: dmc3se.exe3
Vollständiger Name des fehlerhaften Pakets: dmc3se.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dmc3se.exe5

Error: (04/03/2016 09:53:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15516

Error: (04/03/2016 09:53:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15516

Error: (04/03/2016 09:53:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2016 04:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15562


Systemfehler:
=============
Error: (04/08/2016 01:29:59 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/08/2016 01:29:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/08/2016 01:24:55 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/08/2016 01:24:45 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/08/2016 01:22:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/08/2016 01:22:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\tandpl.sys

Error: (04/08/2016 01:21:22 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: sfsync02.sys

Error: (04/08/2016 01:20:51 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/08/2016 12:56:22 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/08/2016 12:56:19 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.


CodeIntegrity:
===================================
  Date: 2015-07-28 13:23:48.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:11.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:11.085
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:09.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 8147.35 MB
Verfügbarer physikalischer RAM: 5901.28 MB
Summe virtueller Speicher: 8547.35 MB
Verfügbarer virtueller Speicher: 6117.4 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:1849.89 GB) (Free:1003.68 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (DMC3_SE) (CDROM) (Total:3.81 GB) (Free:0 GB) CDFS
Drive h: (FEAR) (CDROM) (Total:4.2 GB) (Free:0 GB) CDFS
Drive i: (Hit & Run 1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive j: (Hit & Run 2) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive k: (Hit & Run 3) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 59A27AD7)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 08.04.2016, 21:34   #7
M-K-D-B
/// TB-Ausbilder
 

Hi,


We'll remove the last remnants and check everything once more.



Note: The scan with ESET can take a while.



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM -> {8218E8BC-E228-4079-8CE7-6EA6CCCEA191} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF NewTab: google.com
FF SelectedSearchEngine: Yahoo®
FF Homepage: about:home
ShortcutWithArgument: C:\Users\optik\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
IE trusted site: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\webcompanion.com -> hxxp://webcompanion.com
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset







Step 3
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark from
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not have anything deleted etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

 







Step 4
  • Start FRST.exe again. Tick Addition.txt and Shortcut.txt and press "Untersuchen" (Scan).
  • FRST now creates three log files (FRST.txt, Addition.txt and Shortcut.txt).
  • Post all three log files with your next reply.






Are there still any problems with the PC now? If so, which ones?







With your next reply, please post
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from HitmanPro,
  • the three new log files from FRST,
  • the answers to the questions asked.
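
The check a helper does by eye on the logs requested above, written out as an added example (not part of the original posts and not FRST's own code): it takes the `ShortcutWithArgument:` entries from a fixlist, confirms each one in the Fixlog, and confirms it again in a fresh Shortcut.txt. The sample logs, paths, vendor name and the domain `hijack.example` are constructed; the Fixlog match uses the German wording shown in this thread, and it assumes a rescan lists a still-modified shortcut under the same `ShortcutWithArgument:` prefix.

```python
import re
from urllib.parse import urlsplit

# Line formats as they appear in the FRST logs posted in this thread.
HIJACK_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) "
    r"\((?P<publisher>[^()]*)\) -> (?P<arg>.+)$"
)
CLEAN_RE = re.compile(r"^Shortcut: (?P<lnk>.+?\.lnk) -> ")
# German FRST wording from the Fixlog in this thread; other UI languages differ.
FIXED_RE = re.compile(
    r"^(?P<lnk>.+?\.lnk) => Verknüpfung Eigenschaft erfolgreich entfernt\.$"
)

# Constructed sample logs (hypothetical paths, vendor and domain).
FIXLIST = r"""start
ShortcutWithArgument: C:\Users\user\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hijack.example/?uuid=0000
ShortcutWithArgument: C:\Users\user\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hijack.example/?uuid=0000
ShortcutWithArgument: C:\Users\user\Desktop\Browser.lnk -> C:\Program Files\Browser\launcher.exe (Example Vendor) -> hxxp://hijack.example/?uuid=0000
end
"""
FIXLOG = r"""C:\Users\user\Desktop\Mozilla Firefox.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\Users\user\Desktop\Browser.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
"""
RESCAN = r"""Shortcut: C:\Users\user\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\user\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
ShortcutWithArgument: C:\Users\user\Desktop\Browser.lnk -> C:\Program Files\Browser\launcher.exe (Example Vendor) -> hxxp://hijack.example/?uuid=0000
"""


def refang(url):
    """Turn the defanged hxxp/hxxps scheme used in the logs back into http/https."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I)


def parse_hijacked(text):
    """Map lower-cased .lnk path -> (target, argument) for ShortcutWithArgument lines."""
    found = {}
    for line in text.splitlines():
        m = HIJACK_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare them lower-cased.
            found[m["lnk"].lower()] = (m["target"], m["arg"])
    return found


def parse_fixed(fixlog):
    """Set of .lnk paths the Fixlog reports as having the argument removed."""
    fixed = set()
    for line in fixlog.splitlines():
        m = FIXED_RE.match(line.strip())
        if m:
            fixed.add(m["lnk"].lower())
    return fixed


def parse_clean(shortcut_txt):
    """Set of .lnk paths a rescan lists as plain 'Shortcut:' (no argument)."""
    clean = set()
    for line in shortcut_txt.splitlines():
        m = CLEAN_RE.match(line.strip())
        if m:
            clean.add(m["lnk"].lower())
    return clean


def verify(fixlist, fixlog, rescan):
    """Return {lnk: (status, host)} for every shortcut the fixlist targeted."""
    fixed = parse_fixed(fixlog)
    clean = parse_clean(rescan)
    dirty = parse_hijacked(rescan)
    report = {}
    for lnk, (_target, arg) in parse_hijacked(fixlist).items():
        host = urlsplit(refang(arg)).hostname or arg
        if lnk in dirty:
            status = "STILL_HIJACKED"       # argument is back or was never removed
        elif lnk not in fixed:
            status = "FIX_NOT_CONFIRMED"    # no success line in the Fixlog
        elif lnk in clean:
            status = "CLEANED"              # confirmed by Fixlog and by rescan
        else:
            status = "MISSING_FROM_RESCAN"  # shortcut no longer listed at all
        report[lnk] = (status, host)
    return report


if __name__ == "__main__":
    for lnk, (status, host) in verify(FIXLIST, FIXLOG, RESCAN).items():
        print(f"{status:20} {host:16} {lnk}")
```
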

10.04.2016, 10:02   #8
ertanal
 



Hello Matthias


Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von optik (2016-04-10 09:15:59) Run:1
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM -> {8218E8BC-E228-4079-8CE7-6EA6CCCEA191} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF NewTab: google.com
FF SelectedSearchEngine: Yahoo®
FF Homepage: about:home
ShortcutWithArgument: C:\Users\optik\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://searchomepage.com/?uuid=57051a76188b6&ctoken=us3r9bhcv0nhdccy7cfr
IE trusted site: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\webcompanion.com -> hxxp://webcompanion.com
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wert erfolgreich wiederhergestellt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wert erfolgreich wiederhergestellt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8218E8BC-E228-4079-8CE7-6EA6CCCEA191}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{8218E8BC-E228-4079-8CE7-6EA6CCCEA191} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
"HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Schlüssel nicht gefunden. 
Firefox "newtab" erfolgreich entfernt
Firefox SelectedSearchEngine erfolgreich entfernt
Firefox "homepage" erfolgreich entfernt
C:\Users\optik\Desktop\Mozilla Firefox.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
"HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========

EmptyTemp: => 704 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 09:16:34 ====
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=50f5cc24563af940b5ca85ad56573c18
# end=init
# utc_time=2016-04-10 07:23:18
# local_time=2016-04-10 09:23:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28989
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=50f5cc24563af940b5ca85ad56573c18
# end=updated
# utc_time=2016-04-10 07:27:34
# local_time=2016-04-10 09:27:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=50f5cc24563af940b5ca85ad56573c18
# engine=28989
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-10 08:51:08
# local_time=2016-04-10 10:51:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=788 16777213 100 98 565216 57705722 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 20951111 24067838 0 0
# scanned=307330
# found=0
# cleaned=0
# scan_time=5014
         
Code:
HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : TWINZ
   Windows . . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : TWINZ\optik
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-04-10 10:54:08
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 9

   Objects scanned . . . : 1.904.850
   Files scanned . . . . : 56.324
   Remnants scanned  . . : 573.605 files / 1.274.921 keys

Malware _____________________________________________________________________

   C:\WINDOWS\SysWOW64\verkleinerer17b.exe
      Size . . . . . . . : 289.792 bytes
      Age  . . . . . . . : 302.8 days (2015-06-12 14:53:30)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 62C7E8DD08D9E253A0DD5925F08360A4625B5F9DFE844E344D471CD39A6C888F
      Product  . . . . . : Der grandiose Bildverkleinerer
      Publisher  . . . . : Dr. Wuro Industries
      LanguageID . . . . : 0
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 105.0


Suspicious files ____________________________________________________________

   C:\Users\optik\Desktop\FRST64.exe
      Size . . . . . . . : 2.374.144 bytes
      Age  . . . . . . . : 2.9 days (2016-04-07 14:07:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 1CB35A93213562911D4E4218EFFCB9FC5A946B6E1A99509BCD2B5C936898D159
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}\ (GreatFind)
   HKLM\SOFTWARE\Classes\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}\ (GreatFind)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}\ (GreatFind)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}\ (GreatFind)
   HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player)
   HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
         
Code:
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version:05-03-2016 01
durchgeführt von optik (2016-04-10 11:01:33)
Gestartet von C:\Users\optik\Desktop
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\THE HOUSE OF THE DEAD3_EU\Uninstall Game.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{B418F434-15CD-4B68-A022-CFE0DB92A6F9}\uninstall.bat ()
Shortcut: C:\Users\optik\Desktop\Terrordrome\Terrordrome Online.lnk -> C:\Program Files (x86)\HuracanStudio\Terrordrome_Final\launcher.bat ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxBatch.lnk -> C:\Program Files (x86)\Max Payne\MaxBatch.bat (Keine Datei)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 6.0.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\SC_Reader_PM.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk -> C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk -> C:\Program Files (x86)\Connected Music powered by Universal Music Group\Connected Music powered by Universal Music Group.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivendi Universal Games\The Simpsons Hit & Run\Readme.lnk -> C:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\README.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivendi Universal Games\The Simpsons Hit & Run\The Simpsons Hit & Run.lnk -> C:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exe (Vivendi Universal Games)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\F.E.A.R. Configuration Utility.lnk -> C:\Program Files (x86)\Sierra\FEAR\config.exe (Monolith Productions, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\F.E.A.R. Dedicated Server.lnk -> C:\Program Files (x86)\Sierra\FEAR\FEARServer.exe (Monolith Productions, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\F.E.A.R..lnk -> C:\Program Files (x86)\Sierra\FEAR\FEAR.exe (Monolith Productions, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\Shortcut to User directory.lnk -> C:\Users\Public\Documents\Monolith Productions\FEAR ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\View F.E.A.R. ReadMe.lnk -> C:\Program Files (x86)\Sierra\FEAR\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\THE HOUSE OF THE DEAD3_EU\THE HOUSE OF THE DEAD3.lnk -> C:\Program Files (x86)\SEGA\THE HOUSE OF THE DEAD3_EU\hod3launch.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\Condemned - Criminal Origins\Condemned - Criminal Origins - Konfigurationseinstellung.lnk -> C:\Program Files (x86)\SEGA\Condemned - Criminal Origins\Config.exe (Monolith Productions, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\Condemned - Criminal Origins\Condemned - Criminal Origins.lnk -> C:\Program Files (x86)\SEGA\Condemned - Criminal Origins\Condemned.exe (Monolith Productions, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\Condemned - Criminal Origins\Daten Ordner des Spielers ansehen.lnk -> C:\Users\Public\Documents\Monolith Productions\Condemned ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\Condemned - Criminal Origins\Die Condemned - Criminal Origins LiesMich Datei ansehen.lnk -> C:\Program Files (x86)\SEGA\Condemned - Criminal Origins\Liesmich.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection\Recovery Manager\PowerRecover.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTAIII\Play GTAIII.lnk -> C:\Program Files (x86)\Rockstar Games\GTAIII\gta3.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTAIII\Read Me.lnk -> C:\Program Files (x86)\Rockstar Games\GTAIII\ReadMe\ReadMe_GERMAN.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTAIII\Uninstall GTAIII.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTAIII\Visit RockstarGames Website.lnk -> C:\Program Files (x86)\Rockstar Games\GTAIII\Website\website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games\Scarface\Register Scarface.lnk -> C:\Program Files (x86)\Radical Games\Scarface\register.url (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games\Scarface\Scarface.lnk -> C:\Program Files (x86)\Radical Games\Scarface\Scarface.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games\Scarface\Vivendi Games.lnk -> C:\Program Files (x86)\Radical Games\Scarface\sierra.url (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games\Scarface\Help\Scarface.lnk -> C:\Program Files (x86)\Radical Games\Scarface\scarface.url (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games\Scarface\Help\View End User License Agreement.lnk -> C:\Program Files (x86)\Radical Games\Scarface\EULA.rtf (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games\Scarface\Help\View Readme File.lnk -> C:\Program Files (x86)\Radical Games\Scarface\ReadMe.txt (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar\QuickPar.lnk -> C:\Program Files (x86)\QuickPar\QuickPar.exe (Peter B Clements)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar\Uninstall.lnk -> C:\Program Files (x86)\QuickPar\uninst.exe (Peter B Clements)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar\Website.lnk -> C:\Program Files (x86)\QuickPar\QuickPar.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\CyberLink LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\CyberLink Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\Desktop Burning Gadget.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\IsoViewer8.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\Virtual Drive.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintMe Internet Printing\Download Driver.lnk -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintMe Internet Printing\Learn More.lnk -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\PMAdobeIndex.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk -> C:\Program Files\PowerISO\PowerISO.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk -> C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO.lnk -> C:\Program Files\PowerISO\PowerISO.exe (Power Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk -> C:\Program Files\PowerISO\uninstall.exe (Power Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Frequently Asked Questions 0.9.8.lnk -> C:\Users\optik\Desktop\PCSX2 0.9.8\Docs\PCSX2_FAQ_0.9.8.pdf (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Frequently Asked Questions.lnk -> C:\Users\optik\Desktop\PCSX2 1.0.0\Docs\PCSX2_FAQ.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\PCSX2 0.9.8 (r4600).lnk -> C:\Users\optik\Desktop\PCSX2 0.9.8\pcsx2-r4600.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\PCSX2 1.0.0 (r5350).lnk -> C:\Users\optik\Desktop\PCSX2 1.0.0\pcsx2-r5350.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Readme 0.9.8.lnk -> C:\Users\optik\Desktop\PCSX2 0.9.8\Docs\PCSX2_Readme_0.9.8.pdf (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Readme.lnk -> C:\Users\optik\Desktop\PCSX2 1.0.0\Docs\PCSX2_Readme.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Uninstall PCSX2 0.9.8 (r4600).lnk -> C:\Users\optik\Desktop\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Uninstall PCSX2 1.0.0 (r5350).lnk -> C:\Users\optik\Desktop\PCSX2 1.0.0\Uninst-pcsx2-r5350.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\Beats Audio Control Panel.lnk -> C:\Windows\System32\IDTNC64.cpl (IDT, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\Connected Music powered by Meridian.lnk -> C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink Media Suite.lnk -> C:\Program Files (x86)\CyberLink\Media Suite\PS.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink PhotoDirector.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector\PhotoDirector.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink PowerDirector 10.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink PowerDVD.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\HP Connected Remote.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteMgmtUI.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace\Games for Windows Marketplace.lnk -> C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\de.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer\Instagiffer.lnk -> C:\Program Files (x86)\Instagiffer\instagiffer.exe (Justin Todd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer\Uninstall Instagiffer.lnk -> C:\Program Files (x86)\Instagiffer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP support information.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Information\HPSysInfo.exe (Hewlett-Packard Development Company, L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\GOM Player.lnk -> C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE (Gretech Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\Uninstall.lnk -> C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe (Gretech Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive\Starsky & Hutch\Readme.lnk -> C:\Program Files (x86)\Empire Interactive\Starsky & Hutch\Readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive\Starsky & Hutch\Starsky & Hutch.lnk -> C:\Program Files (x86)\Empire Interactive\Starsky & Hutch\Starsky.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive\Starsky & Hutch\Uninstall.lnk -> C:\Program Files (x86)\Empire Interactive\Starsky & Hutch\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free MP4 Video Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free MP4 Video Converter\FreeMP4VideoConverter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM\Devil May Cry 3 Special Edition\Devil May Cry 3 Special Edition.lnk -> C:\Program Files (x86)\CAPCOM\Devil May Cry 3 Special Edition\DMC3SE.exe (CAPCOM CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM\Devil May Cry 3 Special Edition\Readme.lnk -> C:\Program Files (x86)\CAPCOM\Devil May Cry 3 Special Edition\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\E-book viewer.lnk -> C:\Program Files (x86)\Calibre2\ebook-viewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\Edit E-book.lnk -> C:\Program Files (x86)\Calibre2\ebook-edit.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\LRF viewer.lnk -> C:\Program Files (x86)\Calibre2\lrfviewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound\Rapture3D - Help.lnk -> C:\Program Files (x86)\BRS\rapture3dgame.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound\Rapture3D - Speaker Layout.lnk -> C:\Program Files (x86)\BRS\UserLayout.exe (Blue Ripple Sound Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack\8GadgetPack Tools.lnk -> C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{8CA65E83-6CD7-4BF5-A253-75399846A958}\PlayTasks\1\Pure DEMO Hilfe.lnk -> C:\Program Files (x86)\Disney Interactive Studios\Pure DEMO\Readme_GER.txt (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{8CA65E83-6CD7-4BF5-A253-75399846A958}\PlayTasks\0\Start Pure DEMO.lnk -> C:\Program Files (x86)\Disney Interactive Studios\Pure DEMO\PureDEMO.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{3BA339B3-4011-4F64-92B9-36D03AE02D6A}\PlayTasks\4\Detect Tool.lnk -> C:\Program Files (x86)\Ubisoft\Assassin's Creed\Detection\Detection.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{3BA339B3-4011-4F64-92B9-36D03AE02D6A}\PlayTasks\3\Spielehandbuch.lnk -> C:\Program Files (x86)\Ubisoft\Assassin's Creed\Support\Manual\AssassinsCreed.pdf (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{3BA339B3-4011-4F64-92B9-36D03AE02D6A}\PlayTasks\2\Liesmich.txt.lnk -> C:\Program Files (x86)\Ubisoft\Assassin's Creed\Support\ReadMe\Liesmich.txt (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{3BA339B3-4011-4F64-92B9-36D03AE02D6A}\PlayTasks\1\Registrieren.lnk -> C:\Program Files (x86)\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{3BA339B3-4011-4F64-92B9-36D03AE02D6A}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{2F5C9486-850F-45D4-A0A8-AF2DC9131519}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe (Sony DADC Austria AG)
Shortcut: C:\ProgramData\Media Center Programs\Tomb Raider - Anniversary.lnk -> C:\Program Files (x86)\Tomb Raider - Anniversary\tra.mcl (Keine Datei)
Shortcut: C:\ProgramData\Hewlett-Packard\Recovery\Links\RM.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\optik\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\optik\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\Music\Dokumente - Verknüpfung.lnk -> C:\Users\optik\Documents ()
Shortcut: C:\Users\optik\Links\Desktop.lnk -> C:\Users\optik\Desktop ()
Shortcut: C:\Users\optik\Links\Downloads.lnk -> C:\Users\optik\Downloads ()
Shortcut: C:\Users\optik\Documents\OneDrive - Verknüpfung.lnk -> C:\Users\optik\OneDrive ()
Shortcut: C:\Users\optik\Desktop\Condemned.exe - Verknüpfung.lnk -> C:\Program Files (x86)\SEGA\Condemned - Criminal Origins\Condemned.exe (Monolith Productions, Inc.)
Shortcut: C:\Users\optik\Desktop\DMC3SE.exe - Verknüpfung.lnk -> C:\Program Files (x86)\CAPCOM\Devil May Cry 3 Special Edition\DMC3SE.exe (CAPCOM CO., LTD.)
Shortcut: C:\Users\optik\Desktop\FEAR.exe - Verknüpfung.lnk -> C:\Program Files (x86)\Sierra\FEAR\FEAR.exe (Monolith Productions, Inc.)
Shortcut: C:\Users\optik\Desktop\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\Users\optik\Desktop\gta3.exe - Verknüpfung.lnk -> C:\Program Files (x86)\Rockstar Games\GTAIII\gta3.exe ()
Shortcut: C:\Users\optik\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\Users\optik\Desktop\JDownloader 2.lnk -> C:\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\optik\Desktop\MansionV10.exe - Verknüpfung.lnk -> C:\Users\optik\Downloads\MansionV10\MansionV10\MansionV10.exe ()
Shortcut: C:\Users\optik\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\optik\Desktop\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\Desktop\QuickPar.lnk -> C:\Program Files (x86)\QuickPar\QuickPar.exe (Peter B Clements)
Shortcut: C:\Users\optik\Desktop\Simpsons.exe - Verknüpfung.lnk -> C:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exe (Vivendi Universal Games)
Shortcut: C:\Users\optik\Desktop\Starsky.exe - Verknüpfung.lnk -> C:\Program Files (x86)\Empire Interactive\Starsky & Hutch\Starsky.exe ()
Shortcut: C:\Users\optik\Desktop\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Keine Datei)
Shortcut: C:\Users\optik\Desktop\Terrordrome\Terrordrome_Final.lnk -> C:\Program Files (x86)\HuracanStudio\Terrordrome_Final\Terrordrome_Final_2_9_5.exe ((C)2001 ENTERBRAIN,INC / OUTBACK)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk -> C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE (Gretech Corp.)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Orbit.lnk -> C:\Users\optik\AppData\Local\Pokki\Engine\HostAppService.exe (Keine Datei)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\optik\Documents ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\optik\OneDrive ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\optik\Pictures ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WR-Tools\GpuTemp.lnk -> C:\Users\optik\AppData\Roaming\Microsoft\Installer\{0FFA85AB-D704-48A6-A009-25A0559152C3}\_A5AC919E994752F5F3DB7D.exe ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Keine Datei)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Keine Datei)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6\Project64 1.6.lnk -> C:\Program Files (x86)\Project64 1.6\Project64.exe (Keine Datei)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Deinstallationsprogramm.lnk -> C:\JDownloader v2.0\Uninstall JDownloader.exe (AppWork GmbH)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk -> C:\JDownloader v2.0\JDownloader2Update.exe (AppWork GmbH)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk -> C:\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice\Alice Einrichtungsassistent.lnk -> C:\Program Files (x86)\Alice\Signup\AliceCnf.exe (ProDyne)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice\Alice Einwahlassistent.lnk -> C:\Program Files (x86)\Alice\Signup\AliceCnn.exe (Hansenet)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice\Alice Installieren.lnk -> C:\Program Files (x86)\Alice\isw.exe (ProDyne)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice\Alice Supportassistent.lnk -> C:\Program Files (x86)\Alice\Support\Alicesup.exe (Hansenet)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk -> C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE (Gretech Corp.)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk -> C:\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GOM.EXE.lnk -> C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE (Gretech Corp.)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\optik\AppData\Local\Microsoft\GFWLive\Logs\InstallLog.lnk -> C:\Users\optik\AppData\Local\Microsoft\GFWLive\Install\Logs ()
Shortcut: C:\Users\optik\AppData\Local\Microsoft\GFWLive\Install\Logs\ClientLog.lnk -> C:\Users\optik\AppData\Local\Microsoft\GFWLive\Logs ()
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe ()
Shortcut: C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk -> C:\Program Files (x86)\Connected Music powered by Universal Music Group\Connected Music powered by Universal Music Group.exe ()
Shortcut: C:\Users\Public\Desktop\Connected Remote.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteMgmtUI.exe (Hewlett-Packard)
Shortcut: C:\Users\Public\Desktop\Free MP4 Video Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free MP4 Video Converter\FreeMP4VideoConverter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\Public\Desktop\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Public\Desktop\GOM Player.lnk -> C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE (Gretech Corp.)
Shortcut: C:\Users\Public\Desktop\Instagiffer.lnk -> C:\Program Files (x86)\Instagiffer\instagiffer.exe (Justin Todd)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\PowerISO.lnk -> C:\Program Files\PowerISO\PowerISO.exe (Power Software Ltd)
Shortcut: C:\Users\Public\Desktop\Snapfish Fotos.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services\eBay.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_de&bd=all&c=124
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\Snapfish Fotos.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivendi Universal Games\The Simpsons Hit & Run\Uninstall The Simpsons Hit & Run.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}\setup.exe" -l0x9
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\Uninstall FEAR.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\Condemned - Criminal Origins\Deinstalliere Condemned - Criminal Origins.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}\setup.exe" -l0x7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games\Scarface\Uninstall Scarface.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe (Macrovision Corporation) -> /M{28142407-ACAD-4ECD-A6B6-9FA8471F6062}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\WSG.lnk -> C:\SWSETUP\HP Documentation\eDocLauncher.exe (Hewlett-Packard) -> P004H7B2 WSG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP User Manuals\OPS.lnk -> C:\SWSETUP\HP Documentation\eDocLauncher.exe (Hewlett-Packard) -> P004GZB2 OPS
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP User Manuals\SCG.lnk -> C:\SWSETUP\HP Documentation\eDocLauncher.exe (Hewlett-Packard) -> P004GZB2 SCG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP User Manuals\SRI.lnk -> C:\SWSETUP\HP Documentation\eDocLauncher.exe (Hewlett-Packard) -> P004GZB2 SRI
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP User Manuals\TMG.lnk -> C:\SWSETUP\HP Documentation\eDocLauncher.exe (Hewlett-Packard) -> P004GZB2 TMG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager\Embedded Lockdown Manager.lnk -> C:\Windows\System32\mmc.exe (Microsoft Corporation) -> "%windir%\system32\EmbeddedLockdown.msc"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Uninstall.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\Vcd-uninst.exe () -> /D="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Need For Speed Hot Pursuit 2 Demo\Uninstall Need For Speed Hot Pursuit 2 Demo.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe () -> /M{69EA6470-D4D3-49A3-89C8-0530C416ADB9}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM\Devil May Cry 3 Special Edition\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}\setup.exe (Macrovision Corporation) -> /removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Embedded Lockdown Manager.lnk -> C:\Windows\System32\mmc.exe (Microsoft Corporation) -> "%windir%\system32\EmbeddedLockdown.msc"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack\Gadgets.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showGadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack\Uninstall 8GadgetPack.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {180B50DF-B2C8-43A1-AB97-2101AA62DDD3}
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Apps.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallApp
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\DelRP.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /DelRP
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Driver.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallDriver
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Report.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /RecoveryReport
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\RMC.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /CDCreator
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6\Uninstall Project64 1.6.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {9559F7CA-5E34-4237-A2D9-D856464AD727}
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\optik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System.gadget\Hibernate.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> PowrProf,SetSuspendState Hibernate
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System.gadget\Logoff.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> user32.dll, LockWorkStation
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System.gadget\Restart.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -r -f -t 01
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System.gadget\Shutdown.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -s -f -t 01
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System.gadget\Standby.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> PowrProf,SetSuspendState
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\optik\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivendi Universal Games\The Simpsons Hit & Run\Register.url -> hxxps://reg.vugames.com/prodreg.php?sku=72132
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\Play F.E.A.R. Online with GameSpy Arcade.url -> hxxp://www.gamespyarcade.com/features/launch.asp?svcname=fear&distID=1089
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\FEAR\Register F.E.A.R Online.url -> hxxp://www.vugames-europe.com/Eregistrations/init.aspx?lang=UK
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA\Condemned - Criminal Origins\Condemned - Criminal Origins Web Site.url -> hxxp://www.condemnedgame.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.url -> hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.url -> hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer\Visit www.instagiffer.com.url -> hxxp://www.instagiffer.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\Homepage.url -> hxxp://www.gomlab.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\Get Involved.url -> hxxp://calibre-ebook.com/get-involved
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\User Manual.url -> hxxp://manual.calibre-ebook.com/
InternetURL: C:\Users\Default\Favorites\Links\Amazon.de – online einkaufen.url -> hxxp://redirect.hp.com/svs/rdr?locale=de_de&c=124&bd=pavilion&tp=iefavbar&s=amazon&pf=cndt&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\Amazon.de – online einkaufen.url -> hxxp://redirect.hp.com/svs/rdr?locale=de_de&c=124&bd=pavilion&tp=iefavs&s=amazon&pf=cndt&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=de_de&bd=all&c=124
InternetURL: C:\Users\Default\Favorites\HP\Snapfish Fotos.url -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de
InternetURL: C:\Users\optik\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\optik\Favorites\Links\Amazon.de – online einkaufen.url -> hxxp://redirect.hp.com/svs/rdr?locale=de_de&c=124&bd=pavilion&tp=iefavbar&s=amazon&pf=cndt&TYPE=4
InternetURL: C:\Users\optik\Favorites\HP\Amazon.de – online einkaufen.url -> hxxp://redirect.hp.com/svs/rdr?locale=de_de&c=124&bd=pavilion&tp=iefavs&s=amazon&pf=cndt&TYPE=4
InternetURL: C:\Users\optik\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=de_de&bd=all&c=124
InternetURL: C:\Users\optik\Favorites\HP\Snapfish Fotos.url -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de
InternetURL: C:\Users\optik\Desktop\Project64 1.6\Docs\Project64 Message Board.url -> hxxp://www.emutalk.net/forumdisplay.php?s=&forumid=6
InternetURL: C:\Users\optik\Desktop\Project64 1.6\Docs\3rd Party Plugins\N-Rage\Homepage.url -> hxxp://go.to/nrage
InternetURL: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\MyHomepage\uninstall.url -> 0

==================== Ende von Shortcut.txt =============================
         

Alt 10.04.2016, 10:12   #9
ertanal
 



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von optik (2016-04-10 11:01:01)
Gestartet von C:\Users\optik\Desktop
Windows 8.1 (X64) (2014-10-27 13:45:24)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2461873215-4186745203-1289361242-500 - Administrator - Disabled)
Gast (S-1-5-21-2461873215-4186745203-1289361242-501 - Limited - Disabled)
optik (S-1-5-21-2461873215-4186745203-1289361242-1001 - Administrator - Enabled) => C:\Users\optik
UpdatusUser (S-1-5-21-2461873215-4186745203-1289361242-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Alice-Installationsdateien entfernen (HKLM-x32\...\Alice) (Version:  - )
Among the Sleep Demo (HKLM-x32\...\Steam App 285540) (Version:  - Krillbite Studio)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version:  - Rockstar New England)
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
Condemned - Criminal Origins (HKLM-x32\...\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}) (Version: 1.00.0000 - Monolith Productions)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Devil May Cry 3 Special Edition (HKLM-x32\...\{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}) (Version: 1.00.000 - CAPCOM)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
FIFA 13 Demo (HKLM-x32\...\{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 14 Demo (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 16 DEMO (HKLM-x32\...\{D09AD1AE-6AAC-45EB-B9F6-C1F223DD8481}) (Version: 1.0.0.0 - Electronic Arts)
Free MP4 Video Converter version 5.0.37.327 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.74.5237 - Gretech Corporation)
GpuTemp (HKLM\...\{0FFA85AB-D704-48A6-A009-25A0559152C3}) (Version: 2.1 - WR-Tools)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Instagiffer version 1.60 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.60 - Justin Todd)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 10.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Starsky & Hutch (HKLM-x32\...\Starsky & Hutch) (Version:  - Empire Interactive)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Terrordrome_Final (HKLM-x32\...\{1EE65D14-6927-405F-A640-43ECBC9AB85C}) (Version: 2.9.5 - HuracanStudio)
Terrordrome_Final V2.9.5 (HKLM-x32\...\Terrordrome_Final V2.9.5) (Version: V2.9.5 - HuracanStudio)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
THE HOUSE OF THE DEAD 3 (HKLM-x32\...\{B418F434-15CD-4B68-A022-CFE0DB92A6F9}) (Version: 1.00.000 - SEGA)
The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - )
Unity Web Player (HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\optik\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {11101A89-1E47-4D88-B319-328F5B1A0EEF} - System32\Tasks\{3230BA38-CCC2-4A93-9FD2-92B9670F4E22} => pcalua.exe -a "M:\program files\Ubi Soft\Rayman3\Rayman3.exe" -d "M:\program files\Ubi Soft\Rayman3"
Task: {14622FD5-343E-43E2-AA67-CAA028E8E313} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {26F2EE89-E087-47CE-A9AC-3023522ED98B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {360FFC44-3B45-4D93-B6F3-069214AC3615} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {5F798CC9-464A-4C9A-AE0E-D1DDBF1E34E0} - System32\Tasks\SafeZone scheduled Autoupdate 1458765619 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {6A99E002-2095-4572-8F7D-0E9D1C8581A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {7000C388-1262-45F4-BF21-DDD9ADEDD3AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {73D44319-609F-4B3D-9B59-4B0F827AE841} - System32\Tasks\{270AD66E-5129-497E-BF0E-0E54870BE3AC} => pcalua.exe -a I:\Launch.exe -d I:\
Task: {8435C395-5D8F-49F4-A3F4-4BC9A83B33E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {992F4E7E-40ED-4F55-8304-65739920FCAF} - System32\Tasks\{B2A04B98-690D-4969-A68A-9A333E4D9779} => pcalua.exe -a M:\FileRgn.exe -d M:\
Task: {9C207940-0D1F-40E8-AE96-65490CA4E91C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {B61EF85C-8A42-40B7-B42D-011B9004FF18} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-07] (AVAST Software)
Task: {E15AC269-07EE-4C45-A79C-6A5F98F7860D} - System32\Tasks\{98ED1F75-53E1-4B7D-BE55-5479F6B65597} => pcalua.exe -a G:\DirectX\DX80en.exe -d G:\DirectX
Task: {F29078D9-C8A1-4E6C-8747-40828071D39D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {FF647FFB-7AE5-42EB-A2EC-2DD5A917A951} - System32\Tasks\{A1484182-16D1-4CEB-ADA0-E15D9B3BA8A6} => pcalua.exe -a "M:\program files\Ubi Soft\Rayman3\DirectX\dxsetup.exe" -d "M:\program files\Ubi Soft\Rayman3\DirectX"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\optik\Desktop\Terrordrome\Terrordrome Online.lnk -> C:\Program Files (x86)\HuracanStudio\Terrordrome_Final\launcher.bat ()
Shortcut: C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxBatch.lnk -> C:\Program Files (x86)\Max Payne\MaxBatch.bat (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-10-27 15:21 - 2016-02-23 22:45 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-02 23:07 - 2016-02-17 08:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-02 22:26 - 2016-02-17 08:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 23:07 - 2016-02-17 08:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-27 16:11 - 2014-10-27 16:11 - 00120224 _____ () C:\Users\optik\AppData\Local\assembly\dl3\4K796MHC.KKM\9BQW35LW.Q7P\98a9c14b\0017145d_cd85cd01\HPItunesModule.DLL
2016-02-07 23:05 - 2016-02-07 23:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-09 20:27 - 2016-04-09 20:27 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16040901\algo.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-07 23:05 - 2016-02-07 23:05 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-10 10:49 - 2016-04-10 10:49 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041000\algo.dll
2016-03-02 23:07 - 2016-02-17 09:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-11-26 19:10 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-04 16:13 - 2015-12-04 16:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-26 19:05 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 62.109.121.2 - 62.109.121.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1290F6E6-8A57-4451-BCC6-24FFC78A06AA}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{EA2FE541-DC25-4B04-A2EE-18A47391A251}C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Block) C:\users\optik\desktop\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{DCC6B67A-69E0-447A-AF40-059D9DC9F1DB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{4AA3DA39-96E4-47D0-ACC5-CCB39770F83C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{22C48B7E-FC1D-4CBD-8655-843BEF3FE8CE}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [TCP Query User{29D859C4-9CEC-4EF4-9C1C-445AA912950F}C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{E0C52C12-0B7D-4D13-8B4B-5D95F6D1D7AA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{23C45605-B5E2-47BE-9749-9040E171EBBA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{B00B1C5A-DDEB-4DEC-BB60-A04BF87F1B72}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21686015-0057-491B-A66F-5E0553F736AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17A17685-47A0-44A1-A380-7DAD7EF24B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{60A61EFA-3CD6-40A5-9884-D4D71E5352E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{5DBEEF1B-0E0E-4F73-8C82-ED9DFF228538}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{A50DB810-DADB-406B-87FD-77C9EB03D6EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{C551166D-F754-4F4F-93DA-E861C2316BAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{04A8AD80-1190-4C5B-A31A-2976739D2A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{50414D68-36B5-43AC-AFA9-5FDBACCE44FD}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{513E52D3-344D-4D06-BB3B-F5FCB898E342}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13 Demo\Game\fifa13_demo.exe
FirewallRules: [{F23E50E8-86F1-4BF6-BE53-FA6261FF969B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{06190683-94A7-462C-BF33-D8DE9DC73EF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{B8C67915-FB09-461D-8B0F-15100BFE3F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FB048A7-2D57-4DEC-BEF4-2DE7CE153CF3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19AC9963-0DC4-4BEB-89CC-6FB224855B5B}] => (Allow) LPort=1900
FirewallRules: [{983C26A4-90CE-410F-A263-AF7EABCB1DDF}] => (Allow) LPort=2869
FirewallRules: [{08BAF4BB-DCF6-40DB-9D02-087D68AFD9AD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7BD47BC4-620E-4102-BDFE-DAA8CC2A555C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E664925A-B83A-4530-AF72-7D1F0C0C86FD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{1E1D9492-6244-4E47-AD58-427636C1C737}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{FB64C4F3-7FAF-4A54-BCF1-97B1449BA50C}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{CF791C29-ABDE-49EE-8553-A641960F5725}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B2D8C3C5-41BF-472E-895E-6325AF6172A9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{4974F657-632B-4F17-8A30-71778DA2F2E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6542C786-4B80-4CBA-A5D4-1EAFC15B26E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FFE1247B-468B-4247-A102-7D40160DA777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C739E9C-9BED-468A-A397-73B5B40D9067}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CFD6A1A-6EA0-4B8E-9F0C-D376CE31378F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{9A55A05A-E229-4A83-AF7C-D6FC783C3A08}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14 Demo\Game\fifa14_demo.exe
FirewallRules: [{52C3CB11-4EFF-4109-B303-3AC95DDB4831}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{B4863902-1E2A-4702-B24F-1A637AE58BAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{B85DF138-37D2-442B-A5FF-6F8E2A479346}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{38A5CF0A-38C0-49EA-9E13-B65F17FF964F}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{91223428-1506-4680-B804-8DBBFA875CAF}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [{A9DDB4AB-32D0-45E3-9D90-47B29DC1F0A8}] => (Allow) C:\Users\optik\Desktop\firefox.exe
FirewallRules: [TCP Query User{36457055-BC5F-43FD-B562-2CF06564AC71}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{100CAA9B-2EAB-4E0B-938E-14F1DA41E817}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F5BB8811-A98A-4CEF-87D5-B0250828F215}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [{003784FA-4A0A-4779-9248-A38655C9730C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Among the Sleep Demo\Among the Sleep Demo.exe
FirewallRules: [TCP Query User{8B186FAC-BB5F-4B2D-81FE-C1558F2FA1AF}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{A64728E4-E298-4A2C-B945-EC29AB0B58D5}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{46207933-00AB-463D-B4A7-B10D08837DD8}] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{F8736320-B6F0-4BF5-9E3C-C8F7E679CBA3}] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{8D5481CE-EE10-4747-B921-C368EBDD2777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B05BDEE0-7A75-4509-8911-FBECC2C24434}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{038E4D1C-17EA-446B-9C4B-C69237CA0609}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAEBDD80-B578-4BB0-81CE-AA545862C77C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC6D894A-AEDA-497A-96BD-BA15CDC22307}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F283914-F546-4431-8D37-3CE795AC9C90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F59184D2-18AF-4EE7-AD3E-5D5BB386132E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7A7E3250-7CE2-4D0C-807C-D8A8A4A33C8D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{9B84C064-4647-49C0-90C6-B0CEDAC6CA6D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{8013752C-CAD4-4EFE-8FBD-F6B7721D9F22}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{2064C4D6-D831-40BC-8F90-11B996E55A52}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{C9CC3AD6-3E69-49DE-A937-3D2844D9596D}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{38FA607D-DDD1-460E-9986-7A9370261D48}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{6B2C2D10-9193-4B3C-BA95-7F942769A3B2}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{28FCCF12-A04E-4261-88B0-BEC1EF35CB1A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{40E84F7A-0A97-47C1-B848-0D4150E8187A}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{95B23D7F-EE20-44CD-BD4C-620AA592AA59}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{17C7600B-65F7-43E5-B78B-7C1122BDC3F2}C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe] => (Block) C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [UDP Query User{7775C65B-4FB4-45DF-82CE-4F5CB9A8D78E}C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe] => (Block) C:\program files (x86)\r.g. mechanics\stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [{0407102A-1BC4-4D91-BD98-5364288E55BC}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{B47A9204-F8AD-4FC9-B1C8-B0A1C5BB974E}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [TCP Query User{AF13D986-5B2A-48C4-A589-52A151B48795}C:\users\optik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\optik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{144A41F0-BEDE-43D3-B22D-7DA0FC76A1C2}C:\users\optik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\optik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{368B9B7B-7E93-47F4-9100-6077A466208C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{13DFC5D0-95B9-4D53-A0A3-A5EDBECFE04B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{64932311-4BF2-43B9-BD25-0CB444FBB116}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7A345391-194B-4F81-ACFB-86D529C35A56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{350C7948-1B54-4F41-B6B4-B34912607CA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A5C9B7B9-B48A-4624-B34A-9F50A479C9CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0517F2F9-7F3C-4751-99A4-90E0A67B4257}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{927DAF2A-CB4F-4EC7-8D54-164C277A942C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{16B88443-D214-4C3A-9641-F2DCD37CEFC8}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{24E109B0-0F72-4B2C-9F5C-EC68E3A39CDB}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{EB293D36-F626-42F7-B431-FCEBA88D5F19}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [TCP Query User{9BA5FE86-62C8-40E8-8FEB-4F87914E9474}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe] => (Allow) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [UDP Query User{CE3F6B29-4085-4DFA-8573-8D6901EB4841}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe] => (Allow) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{B6B84738-EDAE-4482-B8F7-D1B437D8A541}] => (Block) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{958186E6-E93A-4551-BEE0-9AA147650025}] => (Block) C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe
FirewallRules: [{8FBB571F-C234-4C45-8B90-6B3DFFBD0086}] => (Allow) LPort=53000
FirewallRules: [{55F90C49-FACB-42A3-8B7E-99926E7C2690}] => (Allow) LPort=52000

==================== Wiederherstellungspunkte =========================

17-03-2016 19:08:01 Geplanter Prüfpunkt
24-03-2016 21:36:32 Windows Update
25-03-2016 22:32:19 Installed Call of Juarez
28-03-2016 21:50:31 Installiert Splinter Cell Pandora Tomorrow
06-04-2016 16:11:43 Removed PCKeeper
08-04-2016 13:29:25 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/10/2016 10:51:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/10/2016 10:51:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/10/2016 09:55:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/10/2016 09:23:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/10/2016 09:23:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/10/2016 09:23:12 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/10/2016 09:23:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/10/2016 09:22:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (04/08/2016 12:49:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AdwCleaner_5.109.exe, Version: 5.1.0.9, Zeitstempel: 0x5702c144
Name des fehlerhaften Moduls: AdwCleaner_5.109.exe, Version: 5.1.0.9, Zeitstempel: 0x5702c144
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020fea
ID des fehlerhaften Prozesses: 0x12c8
Startzeit der fehlerhaften Anwendung: 0xAdwCleaner_5.109.exe0
Pfad der fehlerhaften Anwendung: AdwCleaner_5.109.exe1
Pfad des fehlerhaften Moduls: AdwCleaner_5.109.exe2
Berichtskennung: AdwCleaner_5.109.exe3
Vollständiger Name des fehlerhaften Pakets: AdwCleaner_5.109.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AdwCleaner_5.109.exe5

Error: (04/07/2016 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DMC3SE.exe, Version: 1.3.0.0, Zeitstempel: 0x45dd7346
Name des fehlerhaften Moduls: DMC3SE.exe, Version: 1.3.0.0, Zeitstempel: 0x45dd7346
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00239894
ID des fehlerhaften Prozesses: 0xd38
Startzeit der fehlerhaften Anwendung: 0xDMC3SE.exe0
Pfad der fehlerhaften Anwendung: DMC3SE.exe1
Pfad des fehlerhaften Moduls: DMC3SE.exe2
Berichtskennung: DMC3SE.exe3
Vollständiger Name des fehlerhaften Pakets: DMC3SE.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DMC3SE.exe5


Systemfehler:
=============
Error: (04/10/2016 09:24:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (04/10/2016 09:24:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\optik\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2016 09:24:41 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\optik\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2016 09:24:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (04/10/2016 09:24:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (04/10/2016 09:24:41 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\optik\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2016 09:20:52 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/10/2016 09:20:46 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/10/2016 09:18:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/10/2016 09:18:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\tandpl.sys


CodeIntegrity:
===================================
  Date: 2015-07-28 13:23:48.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:11.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:11.085
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:10.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:09.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-13 22:14:06.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 8147.35 MB
Verfügbarer physikalischer RAM: 5799.07 MB
Summe virtueller Speicher: 8547.35 MB
Verfügbarer virtueller Speicher: 5699.23 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:1849.89 GB) (Free:984.11 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (DMC3_SE) (CDROM) (Total:3.81 GB) (Free:0 GB) CDFS
Drive h: (FEAR) (CDROM) (Total:4.2 GB) (Free:0 GB) CDFS
Drive i: (Hit & Run 1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive j: (Hit & Run 2) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive k: (Hit & Run 3) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 59A27AD7)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von optik (Administrator) auf TWINZ (10-04-2016 11:00:36)
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(W. Rolke) C:\Users\optik\Desktop\GpuTmp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(SurfRight B.V.) C:\Users\optik\Desktop\HitmanPro_x64.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: G - "G:\setup.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: H - "H:\AutoRun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: I - "I:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: J - "J:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: K - "K:\AutoRunLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: L - "L:\hod3launch.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: M - "M:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: N - "N:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: O - "O:\Setup.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: P - "P:\FileRgn.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: T - "T:\CojLauncher.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: U - "U:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: V - "V:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: W - "W:\setup\rsrc\Autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: X - "X:\autorun.exe" 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\...\MountPoints2: {0b1c8cbf-93a0-11e5-bec1-b4b52fc7a0fe} - "G:\install.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-07] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{8FDBB051-95BF-412F-933F-373BC2F0A315}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF2A7DDF-191F-4DBA-9518-9620668B1B1F}: [NameServer] 62.109.121.2 62.109.121.1

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07] (AVAST Software)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2461873215-4186745203-1289361242-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\optik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-17] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\searchplugins\yahoo-ysp.xml [2015-11-27]
FF Extension: WOT - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-11]
FF Extension: MakeGIF Video Capture - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\makegifvideocapture@makegif.com.xpi [2015-12-09]
FF Extension: Greasemonkey - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-01-05]
FF Extension: Ant Video Downloader - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\extensions\anttoolbar@ant.com [2016-04-08]
FF Extension: Adblock Plus - C:\Users\optik\AppData\Roaming\Mozilla\Firefox\Profiles\p9jyse6p.default-1431195495895\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-07]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-07] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-25] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47160 2015-11-25] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-10] ()
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [Datei ist nicht signiert]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 PDNMp50; C:\WINDOWS\SysWOW64\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\WINDOWS\SysWOW64\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R2 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-03-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Datei ist nicht signiert]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [Datei ist nicht signiert]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-10 10:54 - 2016-04-10 10:54 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-04-10 10:53 - 2016-04-10 10:54 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-10 10:52 - 2016-04-10 10:53 - 11441744 _____ (SurfRight B.V.) C:\Users\optik\Desktop\HitmanPro_x64.exe
2016-04-10 09:23 - 2016-04-10 09:23 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-10 09:22 - 2016-04-10 09:22 - 02870984 _____ (ESET) C:\Users\optik\Desktop\esetsmartinstaller_deu.exe
2016-04-10 09:15 - 2016-04-10 09:16 - 00009763 _____ C:\Users\optik\Desktop\Fixlog.txt
2016-04-08 13:31 - 2016-04-08 13:31 - 00001143 _____ C:\Users\optik\Desktop\JRT.txt
2016-04-08 13:27 - 2016-04-08 13:27 - 01610352 _____ (Malwarebytes) C:\Users\optik\Desktop\JRT.exe
2016-04-08 13:26 - 2016-04-08 13:26 - 00005105 _____ C:\Users\optik\Desktop\mbam.txt
2016-04-08 12:45 - 2016-04-08 12:51 - 00000000 ____D C:\AdwCleaner
2016-04-08 12:45 - 2016-04-08 12:45 - 03119168 _____ C:\Users\optik\Desktop\AdwCleaner_5.109.exe
2016-04-07 16:16 - 2016-04-07 16:16 - 00001820 _____ C:\Users\optik\Desktop\DMC3SE.exe - Verknüpfung.lnk
2016-04-07 16:11 - 2016-04-07 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2016-04-07 16:09 - 2016-04-07 16:09 - 00000000 ____D C:\Program Files (x86)\CAPCOM
2016-04-07 14:48 - 2016-04-07 14:48 - 00000860 _____ C:\Users\optik\AppData\Local\recently-used.xbel
2016-04-07 14:12 - 2016-04-07 14:16 - 00230270 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_14.12.39_log.txt
2016-04-07 14:12 - 2016-04-07 14:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\optik\Desktop\tdsskiller.exe
2016-04-07 14:09 - 2016-04-08 13:35 - 00052204 _____ C:\Users\optik\Desktop\Addition.txt
2016-04-07 14:08 - 2016-04-10 11:00 - 00018763 _____ C:\Users\optik\Desktop\FRST.txt
2016-04-07 14:08 - 2016-04-10 11:00 - 00000000 ____D C:\FRST
2016-04-07 14:07 - 2016-04-07 14:07 - 02374144 _____ (Farbar) C:\Users\optik\Desktop\FRST64.exe
2016-04-06 21:36 - 2016-04-07 16:04 - 00000000 ____D C:\Users\optik\Downloads\DMC3 SE
2016-04-06 16:09 - 2016-04-06 16:14 - 00000000 ____D C:\Program Files (x86)\SecureVPN.com
2016-04-06 16:09 - 2016-04-06 16:09 - 00000000 ____D C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\MyHomepage
2016-03-28 21:55 - 2016-03-28 21:55 - 00000000 ____D C:\NVIDIA
2016-03-28 19:49 - 2016-03-28 19:49 - 00001272 _____ C:\Users\optik\Desktop\Starsky.exe - Verknüpfung.lnk
2016-03-28 19:46 - 2016-03-28 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
2016-03-28 19:44 - 2016-03-28 19:44 - 00000000 ____D C:\Program Files (x86)\Empire Interactive
2016-03-28 18:51 - 2016-03-28 19:19 - 00000000 ____D C:\Users\optik\Downloads\STARSKY AND HUTCH-DEViANCE
2016-03-26 15:59 - 2016-03-26 15:59 - 00001792 _____ C:\Users\optik\Desktop\Condemned.exe - Verknüpfung.lnk
2016-03-26 12:10 - 2016-03-26 15:06 - 00000000 ____D C:\Users\optik\Downloads\CONDEMNED
2016-03-25 16:37 - 2016-03-25 22:30 - 00000000 ____D C:\Users\optik\Downloads\Call of Juarez 1
2016-03-25 13:32 - 2003-04-19 01:32 - 00004736 _____ C:\WINDOWS\SysWOW64\Drivers\tandpl.sys
2016-03-25 13:32 - 2003-03-02 18:44 - 00007552 _____ C:\WINDOWS\SysWOW64\Drivers\enodpl.sys
2016-03-23 22:40 - 2016-04-10 09:16 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 22:40 - 2016-03-23 22:40 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-23 22:40 - 2016-03-23 22:40 - 00003064 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458765619

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-10 10:53 - 2014-04-09 21:25 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-10 10:44 - 2015-09-09 20:15 - 00000000 ____D C:\Users\optik\AppData\Roaming\vlc
2016-04-10 10:41 - 2014-04-22 19:01 - 00000000 ____D C:\Users\optik\Downloads\Ant Videos
2016-04-10 09:52 - 2014-04-09 20:03 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2461873215-4186745203-1289361242-1001
2016-04-10 09:18 - 2014-11-19 23:49 - 00000000 ___RD C:\Users\optik\OneDrive
2016-04-10 09:18 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 09:17 - 2014-10-27 15:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-10 09:17 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 09:16 - 2014-10-27 15:47 - 00001180 _____ C:\Users\optik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-10 09:16 - 2014-08-04 14:08 - 00000000 ____D C:\Users\optik\AppData\LocalLow\Temp
2016-04-10 09:16 - 2014-04-09 21:13 - 00001067 _____ C:\Users\optik\Desktop\Mozilla Firefox.lnk
2016-04-10 09:16 - 2014-04-09 20:25 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-10 09:06 - 2014-11-04 22:52 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09DED0F7-12EB-4DA8-8F2B-74E93CB86259}
2016-04-09 21:38 - 2014-04-09 21:03 - 00000000 ____D C:\ProgramData\Origin
2016-04-09 10:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-08 23:04 - 2015-11-27 16:35 - 00000000 ____D C:\JDownloader v2.0
2016-04-08 13:23 - 2015-08-01 21:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 12:58 - 2015-08-01 21:38 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-08 12:58 - 2015-08-01 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-08 12:58 - 2015-08-01 21:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-08 12:54 - 2014-06-12 13:29 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-08 12:54 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-08 12:50 - 2016-03-05 13:56 - 00000000 ____D C:\Users\optik\AppData\Local\CrashDumps
2016-04-08 12:49 - 2015-11-25 17:44 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-04-07 20:53 - 2014-04-09 21:25 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-07 16:09 - 2012-11-26 19:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-07 14:57 - 2015-06-18 15:32 - 00000000 ____D C:\Users\optik\.gimp-2.8
2016-04-07 09:37 - 2015-02-20 23:35 - 00000000 ____D C:\Users\optik\Desktop\Neuer Ordner (2)
2016-04-04 15:10 - 2014-09-24 08:17 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-04 15:10 - 2014-09-24 07:43 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-04 15:10 - 2014-09-24 07:43 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-03 21:51 - 2013-08-22 16:44 - 00351464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-29 21:14 - 2014-04-09 21:03 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-29 18:55 - 2015-12-19 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-29 18:55 - 2015-12-19 13:39 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-03-28 22:17 - 2016-01-10 01:37 - 00000000 ____D C:\Users\optik\AppData\Local\Midway
2016-03-28 22:17 - 2016-01-10 01:29 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-03-28 22:14 - 2014-04-09 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-28 21:54 - 2015-11-25 20:43 - 00011973 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2016-03-28 13:36 - 2015-12-21 16:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-28 13:36 - 2015-12-21 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-28 13:36 - 2015-12-21 16:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-28 13:36 - 2015-11-27 15:20 - 00000000 ____D C:\Users\optik\.oracle_jre_usage
2016-03-28 13:36 - 2014-04-15 12:20 - 00000000 ____D C:\ProgramData\Oracle
2016-03-26 15:56 - 2015-11-27 22:22 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2016-03-26 15:53 - 2015-12-30 13:41 - 00000000 ____D C:\Program Files (x86)\SEGA
2016-03-26 15:53 - 2015-12-04 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-03-25 17:16 - 2014-04-12 12:48 - 00000000 ____D C:\Users\optik\Documents\EA Games
2016-03-25 16:39 - 2014-04-09 21:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-03-24 21:38 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 21:37 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-24 21:37 - 2015-04-04 18:55 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-03-23 22:40 - 2014-06-12 13:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 22:40 - 2014-06-12 13:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-20 16:12 - 2015-03-27 14:22 - 01426411 ____N C:\Users\optik\AppData\Local\Tempmusic.ogg
2016-03-13 14:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-03-11 02:46 - 2012-03-11 02:46 - 0101888 _____ (W. Rolke) C:\Program Files (x86)\GpuTmp64.exe
2010-11-11 16:34 - 2014-12-10 16:29 - 0201728 _____ (Freebyte.com) C:\Program Files (x86)\hjsplit.exe
2007-04-27 11:06 - 2014-10-27 01:23 - 0148416 _____ (Macrovision Corporation) C:\Program Files (x86)\_setup.dll
2015-05-17 18:39 - 2015-05-17 18:39 - 0000122 _____ () C:\Users\optik\AppData\Roaming\profiles.ini
2015-11-25 20:00 - 2015-11-25 20:00 - 0000026 _____ () C:\Users\optik\AppData\Local\isoworkshop.ini
2016-04-07 14:48 - 2016-04-07 14:48 - 0000860 _____ () C:\Users\optik\AppData\Local\recently-used.xbel
2015-03-27 14:22 - 2016-03-20 16:12 - 1426411 ____N () C:\Users\optik\AppData\Local\Tempmusic.ogg
2014-04-09 19:57 - 2014-04-09 19:57 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\optik\nolf.reg
C:\Users\optik\nolfcmds.bat


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-10 09:52

==================== Ende von FRST.txt ============================
         

10.04.2016, 14:58   #10
M-K-D-B
/// TB-Ausbilder

Hi,





Removing leftovers
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}
DeleteKey: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
DeleteKey: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe
DeleteKey: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)!






Note: registry cleaners

I see that you have so-called registry cleaners installed.
In your case, CCleaner.

We advise against using any kind of registry cleaner.

The reason is quite simple:
The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
You should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs sometimes make mistakes too.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance is disputed and usually barely noticeable.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7).







If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few closing steps to clean up and secure your PC.





Cleanup:
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Then restart your computer. If any programs from our cleanup are still left over, you can safely delete them.





Securing your system:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:
  • Browser
  • Java
  • Flash Player
  • PDF reader

Vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.




If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
 

Microsoft Security Essentials (MSE) is built in as of Windows 8, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it has to be installed manually or obtained as an optional update via Windows Update. Of course, a legal/activated Windows is a prerequisite for this.




In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.




Optional:
Adblock Plus: can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.




Finally, a few general remarks:
  • Change your important online passwords regularly and regularly create backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is often distributed with a so-called "installer", which only gets you unwanted software or adware.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.




If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

11.04.2016, 09:55   #11
ertanal

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von optik (2016-04-11 10:36:38) Run:2
Gestartet von C:\Users\optik\Desktop
Geladene Profile: optik (Verfügbare Profile: optik)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}
DeleteKey: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
DeleteKey: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe
DeleteKey: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Reboot:
end
      
*****************

Prozess erfolgreich geschlossen.
HKLM\SOFTWARE\Classes\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe => Schlüssel nicht gefunden. 
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => Schlüssel nicht gefunden. 


Das System musste neu gestartet werden.

==== Ende von Fixlog 10:36:39 ====
         
Everything is back to the way it was, mate.
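Reading a Fixlog like the one above means matching every DeleteKey directive in the echoed fixlist against its result line, including the retry that follows ErrorCode C0000121. The Python sketch below is an added example, not part of the thread or of FRST; the function names and status labels are assumptions, and the embedded log is an excerpt of the posted Fixlog with the German messages as FRST printed them.

```python
import re

# Excerpt of the Fixlog posted above; the German result messages are FRST's own.
FIXLOG = r"""
fixlist Inhalt:
*****************
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}
DeleteKey: HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Reboot:
end
*****************
Prozess erfolgreich geschlossen.
HKLM\SOFTWARE\Classes\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b} => Schlüssel nicht gefunden.
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKU\S-1-5-21-2461873215-4186745203-1289361242-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => Schlüssel erfolgreich entfernt
"""

# Message fragment -> label (the labels are this example's own naming).
STATUS = (
    ("Schlüssel erfolgreich entfernt", "removed"),
    ("Schlüssel nicht gefunden", "not_found"),
    ("konnte nicht entfernt werden", "failed"),
)
SETTLED = {"removed", "not_found"}  # either way the key is absent after the fix

def audit_fixlog(text):
    """Map every DeleteKey target to the list of results logged for it, in order."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("fixlist block is not delimited by two star lines")
    fixlist, results = parts[1], parts[2]
    outcome = {m.group(1).strip(): []
               for m in re.finditer(r"^DeleteKey:[ \t]*(.+)$", fixlist, re.M)}
    for line in results.splitlines():
        key, sep, msg = line.partition(" => ")
        if sep and key.strip() in outcome:
            label = next((name for frag, name in STATUS if frag in msg), "unknown")
            outcome[key.strip()].append(label)
    return outcome

def needs_followup(outcome):
    """Targets with no result line at all, or whose last result is not settled."""
    return sorted(k for k, seen in outcome.items()
                  if not seen or seen[-1] not in SETTLED)

if __name__ == "__main__":
    print(audit_fixlog(FIXLOG), needs_followup(audit_fixlog(FIXLOG)))
```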

11.04.2016, 20:37   #12
M-K-D-B
/// TB-Ausbilder

I am glad that we could help.

In this forum you can leave brief feedback on the cleanup, if you wish:
Lob, Kritik und Wünsche
To do so, click the "NEUES THEMA" (new thread) button and post a short piece of feedback. Thank you very much!

This thread seems to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.
