
Log analysis and evaluation: Redirect to a foreign site

10.06.2016, 22:58   #1
MauD85

Redirect to a foreign site



Hello,

to keep it short, and because I'm also dead tired but hope that this way I might get help all the sooner tomorrow: since yesterday I've had the problem that the laptop is acting up... everything became sluggish, but I could still live with that; this morning, when I clicked on links, I was then often redirected to another site (always the same site... Mark Steven Blog, but with adult content, which is pretty annoying). I have already tried various things (malware scanners etc.) (even though you're perhaps not supposed to, but I thought the problem could maybe be solved that way... but I'm at my wits' end)... I have a trial version of Bitdefender Total Security, which I also just ran: it didn't show me anything any more, but accordingly it also didn't delete or repair anything... right now, oddly enough, everything on the Internet works and it doesn't redirect me (which I find a bit strange right now: does the problem vanish as soon as you want to show it to someone?). Nevertheless, I have just created a logfile (HijackThis) and hope someone can perhaps help me and take a quick look at whether there is anything (very) bad in it and how it can be fixed if necessary (formatting would really only be the absolute last resort). In my opinion something is wrong at O17... when I look up the IP, it appears to be in the Netherlands... but as I said: I'm an absolute layperson, I just spent almost the whole day on this today and kept hoping to get it sorted, but in the end I came to the realization: get help from professionals, maybe they will see something and have one or two good tips ;-) I just wanted to have it checked now, so that the joy isn't short-lived and I have the same problems again tomorrow.

So here is the logfile from just now (at C\Users right at the beginning I replaced my name with asterisks), and many thanks in advance:


Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:44:33, on 10.06.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)

FIREFOX: 47.0 (x86 de)
Boot mode: Normal

Running processes:
C:\Users\M*****\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Users\M****\Desktop\HijackThis_2.0.5.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKCU\..\Run: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CU2TDQM05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.localhost
O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.gwdg.de/CACHE/stc/6/binaries/vpnweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{cd1ff5b1-c692-4e4d-aee3-93493828d56c}: NameServer = 138.201.86.45,8.8.8.8
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: AdBlockerService - Unknown owner - C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManager) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManager64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LavasoftTcpService - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12451 bytes
         

11.06.2016, 12:30   #2
M-K-D-B
/// TB Trainer

Redirect to a foreign site






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download at filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there as administrator!
  • Some of the programs we use here may be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behavior, the security programs cannot distinguish between "good" and "evil" and raise an alarm. These are false alarms, which you can safely ignore. If necessary, you must deactivate your security software before running a program so that our cleanup procedures are not impaired.



Please work through all steps one after another in the given order and post all log files in CODE tags:
This is how it works:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thanks for your cooperation!




1.
HijackThis is completely useless for today's analysis purposes.

2.
You said that you have already run tools yourself.
Which tools were they?
Where are the log files from these tools? Please post all log files!


For the initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)






Step 2
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.







With your next reply, please post
  • the answers to the questions asked,
  • the log files from the tools already run,
  • the log file from TDSS-Killer,
  • the two new log files from FRST.
Edited by M-K-D-B (11.06.2016 at 12:46)

11.06.2016, 15:10   #3
MauD85

Redirect to a foreign site



Hello and many thanks, Matthias, for taking on my problem.

Strangely, I haven't had a single redirect to another site so far today. However, since I'm currently working a lot on the PC and it wouldn't be so good if something were still hidden there, I would be very grateful if we could take a look at it.

btw: do you have a good tip for a decent virus scanner? Are free programs like Avira enough, or should I invest in a full version of a paid program?

To your question: following an English guide, I ran AdwCleaner, Malwarebytes and the Junk Removal Tool yesterday. Stupidly, I didn't create any logfiles from them, or rather deleted them (as I said: absolute layperson, I'm learning from this right now).

Anyway, here are the logfiles as you requested. First FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
durchgeführt von Mandy85 (Administrator) auf MANDY (11-06-2016 16:00:10)
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [Dropbox Update] => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-07] (Dropbox, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\MountPoints2: {7dbe2de1-c2f3-11e3-be7c-089e01e6ef9a} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 127.0.0.1 clients2.google.com 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd1ff5b1-c692-4e4d-aee3-93493828d56c}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.gwdg.de/CACHE/stc/6/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Ad-Aware Ad Block - C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2016-06-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-23] (Digital Wave Ltd.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
U2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-06-10] ()
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-10] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-11 16:00 - 2016-06-11 16:00 - 00018315 _____ C:\Users\Mandy85\Desktop\FRST.txt
2016-06-11 15:59 - 2016-06-11 16:00 - 00000000 ____D C:\FRST
2016-06-11 15:59 - 2016-06-11 15:59 - 02385408 _____ (Farbar) C:\Users\Mandy85\Desktop\FRST64.exe
2016-06-10 20:26 - 2016-06-10 20:26 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-06-10 17:09 - 2016-06-10 19:07 - 00000000 ____D C:\Program Files\Reason
2016-06-10 15:28 - 2016-06-10 15:28 - 00000578 _____ C:\WINDOWS\system32\.crusader
2016-06-10 15:22 - 2016-06-10 15:22 - 00000385 _____ C:\Users\Mandy85\AppData\Roaminguser_gensett.xml
2016-06-10 15:17 - 2016-06-11 11:01 - 00004718 _____ C:\bdlog.txt
2016-06-10 15:16 - 2016-06-10 15:16 - 00000000 ____D C:\Users\Mandy85\AppData\Temp
2016-06-10 15:06 - 2016-06-10 15:06 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-10 15:04 - 2016-06-10 15:04 - 00002278 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-10 15:04 - 2016-06-10 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-10 15:03 - 2016-06-10 15:03 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-10 15:03 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-06-10 15:03 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-10 15:02 - 2016-06-10 15:11 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Bitdefender
2016-06-10 15:02 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-10 15:02 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-10 15:02 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-06-10 15:02 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-06-10 14:57 - 2016-06-10 15:12 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\QuickScan
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-10 14:57 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-10 14:57 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-10 14:49 - 2016-06-10 14:49 - 00019992 _____ C:\Users\Mandy85\Desktop\bookmarks-2016-06-10.json
2016-06-10 14:26 - 2016-06-10 20:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-10 14:25 - 2016-06-10 15:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-10 13:06 - 2016-06-10 20:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-10 13:05 - 2016-06-10 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-10 12:48 - 2016-06-10 12:57 - 00000000 ____D C:\AdwCleaner
2016-06-10 12:43 - 2016-06-10 12:43 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-06-10 12:36 - 2016-06-10 12:36 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-10 12:34 - 2016-06-11 15:53 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-10 12:34 - 2016-06-10 12:34 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-10 12:13 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-10 12:05 - 2016-06-10 12:05 - 00000000 ____D C:\OETemp
2016-06-10 12:03 - 2016-06-10 12:21 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-06-10 12:03 - 2016-06-10 12:09 - 00031443 _____ C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
2016-06-10 12:03 - 2016-06-10 12:09 - 00003718 _____ C:\WINDOWS\System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130
2016-06-10 12:02 - 2016-06-10 12:02 - 00001542 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firefoх.lnk
2016-06-10 12:02 - 2016-06-10 12:02 - 00000000 ____D C:\ProgramData\VideoFetcher
2016-06-10 10:47 - 2016-06-10 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-07 15:34 - 2016-06-07 15:34 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-06 13:52 - 2016-06-06 13:52 - 01661549 _____ C:\Users\Mandy85\Desktop\BKK Bonusprogramm Hrube.pdf
2016-06-06 11:00 - 2016-06-06 11:00 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 11:00 - 2016-06-06 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 10:59 - 2016-06-06 11:00 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files\iPod
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-29 10:49 - 2016-05-29 11:03 - 00000000 ____D C:\Users\Mandy85\Desktop\Bewerbung
2016-05-28 15:32 - 2016-05-28 15:32 - 00000000 ____D C:\$SysReset
2016-05-17 10:33 - 2016-05-17 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-11 15:55 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Packages
2016-06-11 15:53 - 2016-03-13 11:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-11 15:53 - 2014-08-29 13:23 - 00000000 __SHD C:\Users\Mandy85\IntelGraphicsProfiles
2016-06-11 11:47 - 2014-04-13 00:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-11 11:31 - 2016-05-07 11:26 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job
2016-06-11 11:31 - 2016-05-07 11:26 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job
2016-06-11 11:24 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Deployment
2016-06-11 11:01 - 2016-03-13 12:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-11 11:01 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-11 10:57 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-11 10:36 - 2014-08-31 14:59 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E328451F-3FA5-4D5A-A3C6-266B1F172D19}
2016-06-10 20:17 - 2014-04-10 17:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-10 20:13 - 2012-07-26 07:26 - 00000234 _____ C:\WINDOWS\win.ini
2016-06-10 19:27 - 2015-08-30 11:39 - 00000000 ____D C:\ProgramData\PDF Architect 3
2016-06-10 19:26 - 2015-12-27 13:40 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-06-10 18:15 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-10 18:10 - 2014-04-08 19:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-10 16:47 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\VirtualStore
2016-06-10 16:19 - 2014-08-08 10:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-10 15:56 - 2014-05-21 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-10 15:56 - 2014-05-21 10:58 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-10 13:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Lavasoft
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-06-10 12:57 - 2015-08-30 11:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-10 12:23 - 2014-04-08 19:16 - 00000000 ____D C:\ProgramData\Avira
2016-06-10 12:08 - 2014-04-08 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-10 12:07 - 2014-04-08 19:20 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Avira
2016-06-10 11:53 - 2012-03-11 20:27 - 00000000 ___RD C:\Users\Mandy85\Desktop\Diverses
2016-06-10 11:52 - 2014-04-10 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 17:35 - 2016-05-02 10:07 - 00000783 _____ C:\Users\Mandy85\Desktop\to do allgemein.txt
2016-06-09 17:04 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-09 17:04 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-09 17:04 - 2015-10-20 22:15 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-07 15:34 - 2014-04-13 17:27 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Dropbox
2016-06-06 10:59 - 2014-04-13 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-05 17:54 - 2014-06-29 16:40 - 00000000 ____D C:\Users\Mandy85\Desktop\Musik
2016-06-05 10:10 - 2016-03-28 10:29 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\DVDVideoSoft
2016-06-03 15:41 - 2014-04-08 19:16 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Skype
2016-06-03 15:37 - 2014-04-08 19:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Users\Mandy85\AppData\Local\PokerStars.EU
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-06-02 13:44 - 2015-11-22 15:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-28 15:18 - 2016-02-01 12:46 - 00000000 ____D C:\Users\Mandy85\AppData\Local\MicrosoftEdge
2016-05-19 11:56 - 2015-10-20 22:34 - 00002432 _____ C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-19 11:56 - 2015-10-20 22:34 - 00000000 ___RD C:\Users\Mandy85\OneDrive
2016-05-17 18:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\ProgramData\Cisco
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-05-14 16:53 - 2016-03-13 11:53 - 00000000 ____D C:\Users\Mandy85
2016-05-14 13:51 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 11:21 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 18:28 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-05-12 17:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 17:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 17:14 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 17:14 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 17:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-12 10:17 - 2014-12-25 16:30 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-10 11:52 - 2014-07-10 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-05 17:45 - 2013-10-05 17:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-21 10:57 - 2016-06-10 18:13 - 0002894 _____ () C:\ProgramData\hpzinstall.log
2015-08-15 11:51 - 2015-08-25 21:00 - 0000528 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Einige Dateien in TEMP:
====================
C:\Users\Mandy85\AppData\Local\Temp\adblocker4.exe
C:\Users\Mandy85\AppData\Local\Temp\avgnt.exe
C:\Users\Mandy85\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz7p5tx.dll
C:\Users\Mandy85\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mandy85\AppData\Local\Temp\libeay32.dll
C:\Users\Mandy85\AppData\Local\Temp\msvcr120.dll
C:\Users\Mandy85\AppData\Local\Temp\sparpilot_installmonster.exe
C:\Users\Mandy85\AppData\Local\Temp\sqlite3.dll
C:\Users\Mandy85\AppData\Local\Temp\startipm.bat.exe
C:\Users\Mandy85\AppData\Local\Temp\VideoBox.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 10:49

==================== Ende von FRST.txt ============================
         


And here is the Addition.txt:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-06-2016
durchgeführt von Mandy85 (2016-06-11 16:01:31)
Gestartet von C:\Users\Mandy85\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-13 10:24:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2819549147-2898331595-3477625086-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2819549147-2898331595-3477625086-503 - Limited - Disabled)
Gast (S-1-5-21-2819549147-2898331595-3477625086-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819549147-2898331595-3477625086-1005 - Limited - Enabled)
Mandy85 (S-1-5-21-2819549147-2898331595-3477625086-1001 - Administrator - Enabled) => C:\Users\Mandy85

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
AdBlocker (HKLM-x32\...\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}) (Version: 4.1.1.0 - StarkIndustry) <==== ACHTUNG
AdBlocker (x32 Version: 4.1.1.0 - StarkIndustry) Hidden <==== ACHTUNG
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileOpen Client (x64) B928 (HKLM\...\{3ED9A79B-1419-4C5F-BA88-EFD6F180EBE5}) (Version: 3.0.95.928 - FileOpen Systems, Inc.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{aff566ab-c960-452f-9b59-77f0981ce4d7}) (Version: 2.3.1384.2669 - Lavasoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {009C2EAD-BCCE-428B-8764-FA0FE89C67DA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {219292A0-E379-4E1E-8BE8-55DC79AEAD1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23969FDE-1588-404A-AE41-51F3760E9905} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {28E478A1-BD8B-420D-B002-87FE4B04C11A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {31988C96-2A9C-4316-95FB-4484ED042B0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {330A7D6E-B7AC-4A57-93E6-709BF7402126} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {39F28A47-0D3E-4C86-90FD-D0EF768E8179} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3AF54698-227D-4EE5-8D87-91D9FD5C04C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {552ED0A1-D4A0-49D7-A22D-6392EF807322} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {575145B1-F06C-44FF-9BAC-9C782313EEC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {6FF28BBC-80F5-420B-A3C0-B55A144BF03C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7738D642-2C81-4F34-9527-53B972F0554F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {84843A29-6A20-4951-921F-85A1AD08A7B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {931A48DE-860F-4B3E-8BB6-97F75A48AED3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {974AE9E6-D2CA-4431-9F86-B33D1A78F0CE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {B0C4191A-59B4-447B-8F04-69017BA89B2F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C00BE087-1242-4F15-9BCD-2FE67A927D22} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C4B6A259-F0AC-4A76-80FC-9278A25D8B3B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {CA7D06D2-26FD-4CB1-A507-907D493876B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
Task: {CF83D749-069F-4351-A617-3A2796FD7C71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
Task: {DDA4AC88-DA03-44A2-9EB5-19F4B8253AEC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E3201634-DB57-4D3E-A28B-A501CC9C0168} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {E7BE02EC-B677-4A4D-BBCD-6FF28000BBF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {E7C36DA6-BA32-4825-8E33-6127E1DF742D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F74F3580-506E-4AD3-A7D8-6389C27C5122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {FB5DD166-45D2-4E6D-B259-56E52A17C6CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-06-10 15:02 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-06-10 15:02 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00959168 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-09-30 20:39 - 2015-09-30 20:39 - 00415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-03-13 11:35 - 2016-03-13 11:35 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:21 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 14:22 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:22 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-23 15:27 - 2015-12-23 15:27 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2013-10-05 17:21 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00679624 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandy85\Desktop\FRST64.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-06-11 15:52 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com 

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandy85\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\StartupApproved\Run: => "BrowserChoice"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE16DB55-3448-41B4-AEBB-6B0D5139FDFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10B8F0E-BC5F-4BBD-9984-DACACF091B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C82A3AA-44CF-4DB2-A42B-2F1A17F7D0CB}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{726538A5-3BCE-41FB-8E5C-F068CCDDF1CB}] => (Allow) LPort=5357
FirewallRules: [{3731ECD6-96F2-4875-8A29-A93E0777BA3D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{834FADE1-CBBE-4F12-ABD0-D24A4C978059}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{D0627080-2107-42E9-9D6F-A55DA805090A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E77F4DCB-DEED-480D-BC55-17A4A9589883}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C2714E79-59AF-4429-9A06-E70D9E4CFA78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F735367C-889F-4A83-917C-5AB8BB9C08B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{80F933EF-B441-42A8-BED9-370EBF11F053}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{FDEDE01A-0AD2-4F5E-8691-688D1D5F9774}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{A9247B39-67D4-4687-AEAE-59A9CB7DB090}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BF054137-D8BB-41B1-8131-892016F8311D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E38BB25F-F9E1-47CE-BA4E-0C5872373956}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7EAB9F98-68F5-4147-AA22-5EE8EEE010AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A6E78499-1F62-40A8-9692-59B9B1FE8832}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CA47D9D6-D151-41FB-8530-87C18646810E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AC72F3E7-DD52-4C40-8911-D920DE52448D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5F72E62-61BC-4A22-A352-35ECCDDF440D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{133DBA7E-71BF-4714-85D9-E76B17757309}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FFC6105F-3FDB-4041-89EE-A5D399A1FAE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{78BDA0A5-8379-4E3F-9DD8-4BB20F3E950A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{60ED60ED-A553-465F-907D-4BB761AE265C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FCBC375E-6537-428F-981A-E8EBF8D11242}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F684E320-6333-427A-A285-09D6FAB2D2C1}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F9C587CE-B4DD-45AA-9E15-36915C96F8D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CC6346B-C836-495B-B70D-C36652E0BF04}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ACBB40FA-0747-4562-9562-4546B7BC58B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5933716-2F7C-4D8C-A736-1BB175A9A2C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C145D6A-789F-4542-896C-1AE84640A05B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5D7C4460-1404-4AA0-BAAD-FF2CACEA4F14}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{605BB654-018F-4AF8-BD35-9CCBA2184B75}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29891796-F3C2-4651-9A1C-E5318EA7F5E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{560DD717-0809-4E71-881F-7973A916AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{147DD520-8B5B-4E0F-8139-04F38517F780}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{75833E1C-313A-4269-BF0E-F6C3A39EAEA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{32E4CE4F-1B82-42FB-8C10-BB9D269DE2E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{8CF1B0BD-91BA-458C-A66F-AFF7936A1236}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{AF748F03-5979-4B89-B0F8-1ECF60ADBBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2AC2B658-5E33-457F-A20C-58FFF42F31AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9793FCFC-1FC5-492C-973E-B2AA4086167F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B3A0E4D6-44A0-4934-A22A-D42119335FC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{A02F5DD8-503B-4E18-BEF8-AD7AAAE7C47D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B8FCC90B-5CAE-49F8-A5FE-354FD3481893}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A287AFF-AEAF-47FB-A2D2-8F2B56ECA7A8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{AA24E7A9-7EDE-46A8-A815-FAEE7AFFF659}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{47453C64-ED6A-40F3-BD3C-48834B70203F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{3B2FBB27-4092-4B9B-94E6-0B427F493B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{42FF2468-0E05-4A6C-9563-FAE7E6517E35}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BCCBFC24-F941-4A26-892A-1A0D9BB81465}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{814039D2-D9A5-46DD-AEC8-E28F63B94CD8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8E578593-A08D-4D6B-BB46-38C977439879}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AA7C6A4-925A-42D4-B203-5166ACF9BD63}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AD9751DC-1387-4474-B15E-1B944D565CB5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{50F41FC0-DD8A-45E6-9563-62F8E297C04B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{64465223-B060-4B3A-A4CC-2DD80071E511}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F2ECEB75-552B-42E5-8E41-1064C2DFC3CC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{202F81ED-B0F5-4B69-83C0-14BD04CC68CE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{59D9E35E-3977-42AC-A56E-2D01D1B78C7F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{26273E9A-A545-4382-95D9-7D34CD5B8EB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43155AB8-E284-43EA-83EE-5E461A5B576C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1AA8DED2-5885-490A-A493-F8FD7A079865}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{785E8305-1D7A-4094-A42D-5FBFD0638181}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A24D72F6-4ED7-4DA4-8973-1BC727B37D65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9060493-1071-4DF4-A653-7CAE0A456711}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1D6B457-BA76-44C8-9FC5-29D80E624DF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0CCC29B-00F7-439F-8FBC-579D84143473}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55F60B9F-33DC-4A9D-BF34-E561EAB9FC36}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

26-05-2016 12:21:15 Geplanter Prüfpunkt
02-06-2016 16:37:00 Geplanter Prüfpunkt
10-06-2016 12:02:30 AdBlocker
10-06-2016 19:40:09 JRT Pre-Junkware Removal
10-06-2016 19:44:41 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/11/2016 10:57:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ApplicationFrameHost.exe, Version 10.0.10586.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1620

Startzeit: 01d1c3bd8d6265dd

Beendigungszeit: 9

Anwendungspfad: C:\Windows\System32\ApplicationFrameHost.exe

Berichts-ID: 8931b023-2fb2-11e6-bed9-089e01e6ef9a

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (06/11/2016 10:57:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Mandy)
Description: Das Paket „windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (06/10/2016 08:30:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xbc8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/10/2016 08:30:09 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (3016) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: 206(bf.cxx:22073): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/10/2016 07:44:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/10/2016 07:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 10.0.10586.11, Zeitstempel: 0x56457cb1
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x56fa0e13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000782c7
ID des fehlerhaften Prozesses: 0x1118
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5

Error: (06/10/2016 07:40:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/10/2016 07:27:45 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Mandy)
Description: Die Anwendung oder der Dienst "PDF Architect 3 Creator" konnte nicht neu gestartet werden.

Error: (06/10/2016 07:26:17 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Mandy)
Description: Die Anwendung oder der Dienst "PDF Architect 4 Creator" konnte nicht neu gestartet werden.

Error: (06/10/2016 06:09:04 PM) (Source: MsiInstaller) (EventID: 11920) (User: Mandy)
Description: Продукт: AdBlocker -- Ошибка 1920. Не удалось запустить службу "AdBlockerService" (AdBlockerService). Убедитесь в наличии необходимых прав для запуска системных служб.


Systemfehler:
=============
Error: (06/11/2016 03:56:22 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (06/11/2016 12:19:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_37ba4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/11/2016 12:19:25 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/11/2016 11:05:41 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (06/11/2016 11:02:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/11/2016 11:02:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AdBlockerService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/11/2016 11:01:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSSERV erreicht.

Error: (06/11/2016 11:00:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_12f96c7" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/11/2016 11:00:37 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/11/2016 10:59:24 AM) (Source: Schannel) (EventID: 4101) (User: NT-AUTORITÄT)
Description: Das Zertifikat der Client-Anmeldeinformationen für TLS hat keine angefügte Eigenschaft für Privatschlüsselinformationen. Dies kommt häufig vor, wenn ein Zertifikat nicht ordnungsgemäß gesichert ist und anschließend wiederhergestellt wird. Diese Nachricht wird auch bei einem Zertifikatregistrierungsfehler angezeigt.


CodeIntegrity:
===================================
  Date: 2016-05-15 11:30:38.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 16:41:39.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-13 11:20:32.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 09:25:28.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 07:04:59.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 16:59:15.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 08:39:15.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 19:12:40.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-20 13:22:42.631
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-18 13:12:07.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 3976.27 MB
Verfügbarer physikalischer RAM: 2017.88 MB
Summe virtueller Speicher: 4680.27 MB
Verfügbarer virtueller Speicher: 2579.23 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:449.51 GB) (Free:375 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9C6396F5)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

11.06.2016, 15:14   #4
MauD85
 



And here is the TDSS log file (nothing was found... regarding the posting: I had to split it, because the text is more than 120000 characters long and was therefore too long):

Code:
16:06:45.0208 0x1c98  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
16:06:45.0208 0x1c98  UEFI system
16:06:55.0295 0x1c98  ============================================================
16:06:55.0295 0x1c98  Current date / time: 2016/06/11 16:06:55.0295
16:06:55.0295 0x1c98  SystemInfo:
16:06:55.0296 0x1c98  
16:06:55.0296 0x1c98  OS Version: 10.0.10586 ServicePack: 0.0
16:06:55.0296 0x1c98  Product type: Workstation
16:06:55.0296 0x1c98  ComputerName: MANDY
16:06:55.0296 0x1c98  UserName: Mandy85
16:06:55.0296 0x1c98  Windows directory: C:\WINDOWS
16:06:55.0296 0x1c98  System windows directory: C:\WINDOWS
16:06:55.0296 0x1c98  Running under WOW64
16:06:55.0296 0x1c98  Processor architecture: Intel x64
16:06:55.0296 0x1c98  Number of processors: 2
16:06:55.0296 0x1c98  Page size: 0x1000
16:06:55.0296 0x1c98  Boot type: Normal boot
16:06:55.0296 0x1c98  ============================================================
16:06:56.0138 0x1c98  KLMD registered as C:\WINDOWS\system32\drivers\20458133.sys
16:06:56.0778 0x1c98  System UUID: {0BCD0F0E-7B3C-36E4-C012-DAE1AA50A28F}
16:06:57.0583 0x1c98  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:06:57.0590 0x1c98  ============================================================
16:06:57.0590 0x1c98  \Device\Harddisk0\DR0:
16:06:57.0591 0x1c98  GPT partitions:
16:06:57.0592 0x1c98  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {42252903-7468-4BAA-A18B-B588C6BF4172}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
16:06:57.0592 0x1c98  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FE5A604F-F25A-4CE3-9C3C-11C4F2C8F483}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
16:06:57.0592 0x1c98  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {DA9A938F-B803-4DF5-8C09-59B7C0A0CDCD}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
16:06:57.0592 0x1c98  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7931D13D-4768-403C-A61E-E0606106AF24}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x38306800
16:06:57.0592 0x1c98  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1B735EEB-4D60-4F34-86E3-F497F18178F9}, Name: , StartLBA 0x384A5000, BlocksNum 0xE1000
16:06:57.0592 0x1c98  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6DE5CC29-7FB9-4FDB-B443-3B970C0AC98B}, Name: Basic data partition, StartLBA 0x38586000, BlocksNum 0x1E00000
16:06:57.0592 0x1c98  MBR partitions:
16:06:57.0592 0x1c98  ============================================================
16:06:57.0616 0x1c98  C: <-> \Device\Harddisk0\DR0\Partition4
16:06:57.0616 0x1c98  ============================================================
16:06:57.0616 0x1c98  Initialize success
16:06:57.0616 0x1c98  ============================================================
16:07:32.0116 0x1b54  ============================================================
16:07:32.0116 0x1b54  Scan started
16:07:32.0116 0x1b54  Mode: Manual; SigCheck; TDLFS; 
16:07:32.0116 0x1b54  ============================================================
16:07:32.0116 0x1b54  KSN ping started
16:07:34.0509 0x1b54  KSN ping finished: true
16:07:36.0798 0x1b54  ================ Scan system memory ========================
16:07:36.0798 0x1b54  System memory - ok
16:07:36.0799 0x1b54  ================ Scan services =============================
16:07:36.0988 0x1b54  [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
16:07:37.0072 0x1b54  1394ohci - ok
16:07:37.0113 0x1b54  [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
16:07:37.0164 0x1b54  3ware - ok
16:07:37.0218 0x1b54  [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
16:07:37.0279 0x1b54  ACPI - ok
16:07:37.0308 0x1b54  [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
16:07:37.0352 0x1b54  acpiex - ok
16:07:37.0382 0x1b54  [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
16:07:37.0435 0x1b54  acpipagr - ok
16:07:37.0465 0x1b54  [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
16:07:37.0526 0x1b54  AcpiPmi - ok
16:07:37.0546 0x1b54  [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
16:07:37.0608 0x1b54  acpitime - ok
16:07:37.0651 0x1b54  [ AAA8E68E685DB1B68747E3DF68F96368, 1A5BE239B2D0C6F727303A98CFFC91070B6A05ECD6B9CD05AB326AC1910ECEBF ] acsock          C:\WINDOWS\system32\DRIVERS\acsock64.sys
16:07:37.0705 0x1b54  acsock - ok
16:07:37.0756 0x1b54  AdBlockerService - ok
16:07:37.0825 0x1b54  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:07:37.0863 0x1b54  AdobeARMservice - ok
16:07:37.0966 0x1b54  [ 6A050671F2C76FB48131F12786802807, 71B37A9CEAE5AB1B069FB010BC547E14445461885B74FA879E63F9F2DAF644A5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:07:38.0028 0x1b54  AdobeFlashPlayerUpdateSvc - ok
16:07:38.0099 0x1b54  [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
16:07:38.0201 0x1b54  ADP80XX - ok
16:07:38.0253 0x1b54  [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD             C:\WINDOWS\system32\drivers\afd.sys
16:07:38.0310 0x1b54  AFD - ok
16:07:38.0333 0x1b54  [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
16:07:38.0371 0x1b54  agp440 - ok
16:07:38.0404 0x1b54  [ 3DF7751D5DC6525E7DC6617FBB45054F, 8E6D4C809DB3B66E7558C4829E01F5C227EE614AC82F33FD99DCC629770D1BE3 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
16:07:38.0458 0x1b54  ahcache - ok
16:07:38.0490 0x1b54  [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
16:07:38.0531 0x1b54  AJRouter - ok
16:07:38.0562 0x1b54  [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG             C:\WINDOWS\System32\alg.exe
16:07:38.0604 0x1b54  ALG - ok
16:07:38.0639 0x1b54  [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
16:07:38.0669 0x1b54  AmdK8 - ok
16:07:38.0686 0x1b54  [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
16:07:38.0736 0x1b54  AmdPPM - ok
16:07:38.0758 0x1b54  [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
16:07:38.0791 0x1b54  amdsata - ok
16:07:38.0815 0x1b54  [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
16:07:38.0845 0x1b54  amdsbs - ok
16:07:38.0862 0x1b54  [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
16:07:38.0893 0x1b54  amdxata - ok
16:07:38.0915 0x1b54  [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID           C:\WINDOWS\system32\drivers\appid.sys
16:07:38.0984 0x1b54  AppID - ok
16:07:39.0031 0x1b54  [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
16:07:39.0109 0x1b54  AppIDSvc - ok
16:07:39.0135 0x1b54  [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
16:07:39.0195 0x1b54  Appinfo - ok
16:07:39.0285 0x1b54  [ 3B3774C868868257533EC7E715BB6D53, 4AF1DADCEDBD80BE6EDEC696DF59E65B51D31E33F4C84413CA03C7BD959FF4E5 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:07:39.0328 0x1b54  Apple Mobile Device Service - ok
16:07:39.0388 0x1b54  [ 610499A73DF3599608EBB6B3F9929052, A9CA49C4A39A825916AB3791090BCFC7044FDB6B2C3538E01F0CFBC2A9931152 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
16:07:39.0468 0x1b54  AppReadiness - ok
16:07:39.0630 0x1b54  [ 087FBBC026DCC0F693E91079B9901B7E, 544DEC1255923DBDC8351B6CE2220FBC9929F2FFE52C91062C23DE7734DA7A2F ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
16:07:39.0785 0x1b54  AppXSvc - ok
16:07:39.0811 0x1b54  [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
16:07:39.0846 0x1b54  arcsas - ok
16:07:39.0862 0x1b54  [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
16:07:39.0901 0x1b54  AsyncMac - ok
16:07:39.0919 0x1b54  [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
16:07:39.0942 0x1b54  atapi - ok
16:07:40.0197 0x1b54  [ 41DFF214D30294F18F64257167F1CCBA, 87BB8BC1AB5EC4F5DAD84CB0B16CDD4634F10DC687264E4C84E47EFEFF4310F6 ] athr            C:\WINDOWS\System32\drivers\athw8x.sys
16:07:40.0460 0x1b54  athr - ok
16:07:40.0513 0x1b54  [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
16:07:40.0566 0x1b54  AudioEndpointBuilder - ok
16:07:40.0656 0x1b54  [ 2A2C0983B6FE62F02E7183335B1F5C20, 07845269FE72894D31D3FC927EECE26333AE9A2149A995DA4AE007276B05C647 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
16:07:40.0760 0x1b54  Audiosrv - ok
16:07:40.0891 0x1b54  [ 2E81F74AB70EDC4B14EB6F1EED7D4E9E, 829ACFA43743E757DE8907D1B111AE3B6030AF8C981AC7B3F3646B2180AF127E ] avc3            C:\WINDOWS\system32\DRIVERS\avc3.sys
16:07:40.0980 0x1b54  avc3 - ok
16:07:41.0042 0x1b54  [ 32612167C1BF3F6B41BFF12FEF3E5E4C, 87E6BC09894CA005556F8759495AB5C62E33C8B104526A052681553A36AAE370 ] avckf           C:\WINDOWS\system32\DRIVERS\avckf.sys
16:07:41.0099 0x1b54  avckf - ok
16:07:41.0130 0x1b54  [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
16:07:41.0181 0x1b54  AxInstSV - ok
16:07:41.0243 0x1b54  [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
16:07:41.0290 0x1b54  b06bdrv - ok
16:07:41.0306 0x1b54  [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
16:07:41.0352 0x1b54  BasicDisplay - ok
16:07:41.0368 0x1b54  [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
16:07:41.0415 0x1b54  BasicRender - ok
16:07:41.0431 0x1b54  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
16:07:41.0462 0x1b54  bcmfn - ok
16:07:41.0477 0x1b54  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
16:07:41.0524 0x1b54  bcmfn2 - ok
16:07:41.0556 0x1b54  [ 3701D3BF4AC12EAACB1F58847C1D32FC, 29F3DA7E4C1706934BE92D03CB6F633C47D0251E5580958E823B6148DA5E5E73 ] bdelam          C:\WINDOWS\system32\drivers\bdelam.sys
16:07:41.0571 0x1b54  bdelam - ok
16:07:41.0618 0x1b54  [ F374C27099807E99A156953F8416D34A, D267B8CD837290F9FC6B4FFD2DB8F54867D808FB155698FC7713BCAB3AE475B5 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
16:07:41.0665 0x1b54  BDESVC - ok
16:07:41.0743 0x1b54  [ BCC56866F6A9BD35B2BC4787787C1F32, 491D2205673D50CD8A5DDE9273B7A36704AE55BCD5810B20D82D95CE31F18E7F ] bdfwfpf         C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
16:07:41.0790 0x1b54  bdfwfpf - ok
16:07:41.0837 0x1b54  [ D8FAF7CFBC81E5E15CA7A7EC8EE1B409, 75E60DF2147DFB109E628FDF80EB1BFA5360E5935BB9237B67053588F906E1B1 ] BDVEDISK        C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
16:07:41.0868 0x1b54  BDVEDISK - ok
16:07:41.0899 0x1b54  [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:07:41.0946 0x1b54  Beep - ok
16:07:42.0024 0x1b54  [ 37F5E2385CB4D10AB42186974B9C241A, D38FA2B8CE19AC32056060F04B04D031F1621C07528DEDCCD5A8C01AB0A35995 ] BFE             C:\WINDOWS\System32\bfe.dll
16:07:42.0087 0x1b54  BFE - ok
16:07:42.0165 0x1b54  [ 64582C924C48175D52AED0D0E64AB413, 75DC6BC01D26A4BABEDB8013F0C106780F0991CA63075798C7C24B66022F58E3 ] BITS            C:\WINDOWS\System32\qmgr.dll
16:07:42.0290 0x1b54  BITS - ok
16:07:42.0352 0x1b54  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:07:42.0384 0x1b54  Bonjour Service - ok
16:07:42.0415 0x1b54  [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
16:07:42.0493 0x1b54  bowser - ok
16:07:42.0556 0x1b54  [ 492FB85E61768950CDD27C87AED6E8FA, 1BFF11D899581E406D1AB5F2C66C9D816161ECF4B81AAACCCA3663875E86C0A5 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
16:07:42.0681 0x1b54  BrokerInfrastructure - ok
16:07:42.0743 0x1b54  [ A617BE5E429A035A1CA8217C1B16F0BB, 197EE6C6EB22FF8A626540886F5A2163CC4CB177504C5423856F54BF01EB0FF1 ] Browser         C:\WINDOWS\System32\browser.dll
16:07:42.0806 0x1b54  Browser - ok
16:07:42.0853 0x1b54  [ C6978F7EBA6F37D626482AC6B9390630, B4BF939AB9962A61DE9518604C20347DC2A6FCDCEB3D8AEF295AF12E6F2CDCF3 ] BTATH_BUS       C:\WINDOWS\System32\drivers\btath_bus.sys
16:07:42.0885 0x1b54  BTATH_BUS - ok
16:07:42.0978 0x1b54  [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter        C:\WINDOWS\system32\DRIVERS\btfilter.sys
16:07:43.0056 0x1b54  BtFilter - ok
16:07:43.0088 0x1b54  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
16:07:43.0119 0x1b54  BthAvrcpTg - ok
16:07:43.0135 0x1b54  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
16:07:43.0181 0x1b54  BthHFEnum - ok
16:07:43.0197 0x1b54  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
16:07:43.0244 0x1b54  bthhfhid - ok
16:07:43.0322 0x1b54  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
16:07:43.0384 0x1b54  BthHFSrv - ok
16:07:43.0416 0x1b54  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
16:07:43.0463 0x1b54  BTHMODEM - ok
16:07:43.0525 0x1b54  [ A289FE26F5D8B5121D84DDEE6241CC26, 76549DBC55ACDB53FDA8A4F87EC8A52408ADDED469D2F3DAAE54C0218B8A872E ] BTHPORT         C:\WINDOWS\System32\drivers\BTHport.sys
16:07:43.0619 0x1b54  BTHPORT - ok
16:07:43.0666 0x1b54  [ 7A177E18AA6A6A6365E6351C2BF8EDAE, A35224A20014B1215A6824AE5E17B8869A775EA272EF7F25EAFFA18733F8D09D ] bthserv         C:\WINDOWS\system32\bthserv.dll
16:07:43.0728 0x1b54  bthserv - ok
16:07:43.0760 0x1b54  [ 281439D412441B2A39B63D20EE3E5D88, CAE6312F622427309C07017508291EF02C7DE2EA3B1929745C1D9B4A069AE726 ] BTHUSB          C:\WINDOWS\System32\drivers\BTHUSB.sys
16:07:43.0791 0x1b54  BTHUSB - ok
16:07:43.0838 0x1b54  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
16:07:43.0900 0x1b54  buttonconverter - ok
16:07:43.0963 0x1b54  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
16:07:44.0025 0x1b54  CapImg - ok
16:07:44.0228 0x1b54  [ D2B943C3B41A96A4E093DAB46E69E69F, 799BFAE6D8B600F6CD47D81E8C2F5995DA71914E6B5193F5E97E1CCB6997EBC4 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
16:07:44.0353 0x1b54  CCDMonitorService - ok
16:07:44.0369 0x1b54  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
16:07:44.0416 0x1b54  cdfs - ok
16:07:44.0463 0x1b54  [ 0A92DC116CFC7F6BE8167DD25CB925CC, 50CAC7BE14FF69B10C029E049F7C441A5572540F027F95F940B185C76C689409 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
16:07:44.0510 0x1b54  CDPSvc - ok
16:07:44.0541 0x1b54  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
16:07:44.0588 0x1b54  cdrom - ok
16:07:44.0619 0x1b54  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
16:07:44.0681 0x1b54  CertPropSvc - ok
16:07:44.0713 0x1b54  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
16:07:44.0744 0x1b54  circlass - ok
16:07:44.0791 0x1b54  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
16:07:44.0838 0x1b54  CLFS - ok
16:07:44.0901 0x1b54  [ F7526C133AC265F283012E9CD751F873, 6AABDD92FD880F49F63C1CC478C3D8291AF670802CEC58B32730E7675D858D88 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
16:07:44.0963 0x1b54  ClipSVC - ok
16:07:44.0994 0x1b54  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
16:07:45.0026 0x1b54  CmBatt - ok
16:07:45.0057 0x1b54  [ 3B866F8CB10719A5AF9E410B1B149714, B0A32B526290ED8E1DD93C70AB49DD417B82CA23D6B815163131247091D61DBA ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
16:07:45.0119 0x1b54  CNG - ok
16:07:45.0135 0x1b54  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
16:07:45.0182 0x1b54  cnghwassist - ok
16:07:45.0229 0x1b54  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
16:07:45.0244 0x1b54  CompositeBus - ok
16:07:45.0260 0x1b54  COMSysApp - ok
16:07:45.0291 0x1b54  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
16:07:45.0322 0x1b54  condrv - ok
16:07:45.0385 0x1b54  [ 86BE19C6A177AEB93302EA5C4FBE2D11, 5404AB84D270549B1A46574EBDC857525F71B117BE3BA0098FA0A696E56D5C39 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
16:07:45.0447 0x1b54  CoreMessagingRegistrar - ok
16:07:45.0541 0x1b54  [ 700A193A1555B083E3A08F5D3A844925, 974F7F0C78289EFE821407E418EB65A022D6445DED8EA112B9866784AF0221EE ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
16:07:45.0604 0x1b54  cphs - ok
16:07:45.0635 0x1b54  [ 2CE0D74AED86A372997E9D77AE10B9F5, 1AFAA22C68FD0B81F73CE0EB763AD77AB97E78916752843A5056E1352F0FEA82 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
16:07:45.0666 0x1b54  CryptSvc - ok
16:07:45.0697 0x1b54  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam             C:\WINDOWS\system32\drivers\dam.sys
16:07:45.0744 0x1b54  dam - ok
16:07:45.0791 0x1b54  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:07:45.0885 0x1b54  DcomLaunch - ok
16:07:45.0916 0x1b54  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
16:07:45.0979 0x1b54  DcpSvc - ok
16:07:46.0026 0x1b54  [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
16:07:46.0088 0x1b54  defragsvc - ok
16:07:46.0135 0x1b54  [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
16:07:46.0182 0x1b54  DeviceAssociationService - ok
16:07:46.0229 0x1b54  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
16:07:46.0276 0x1b54  DeviceInstall - ok
16:07:46.0322 0x1b54  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
16:07:46.0369 0x1b54  DevQueryBroker - ok
16:07:46.0401 0x1b54  [ 935823F79CBEDB91637B63D37E3A5A36, BE9A46F1CA631B9252C71758901D55456DC3C143053003D9FA7D67811A1E5026 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
16:07:46.0447 0x1b54  Dfsc - ok
16:07:46.0479 0x1b54  [ 5841A361D28069DFC82E1E98040FDC3F, 3A48DB7ADE90654242CB54DAD07F5FF0CD5CABF372C50D5B2C4D7AED068986E1 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
16:07:46.0541 0x1b54  Dhcp - ok
16:07:46.0604 0x1b54  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
16:07:46.0635 0x1b54  diagnosticshub.standardcollector.service - ok
16:07:46.0744 0x1b54  [ 15D174719872A30F2FDD6B5B1B8BA5D9, B0E6FF6FC47B731C204F110D4B768231906B144B31F602ECE8EAC24D70BA880D ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
16:07:46.0838 0x1b54  DiagTrack - ok
16:07:46.0963 0x1b54  [ 6B589D7870F836BEFC183897CCAB2856, 2D00DD081DDC3AC1A936AB7E58A0CB3DDB3F02F609B308F464C2719581848262 ] DigitalWave.Update.Service C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
16:07:47.0026 0x1b54  DigitalWave.Update.Service - ok
16:07:47.0073 0x1b54  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\WINDOWS\system32\drivers\disk.sys
16:07:47.0104 0x1b54  disk - ok
16:07:47.0135 0x1b54  [ 49F069E2D22F33955A69D44DFD1B5179, 739C52C7B961BA683E8C7CCDB0E95423C17561B2F1F506BAE923DC53DB96B067 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
16:07:47.0198 0x1b54  DmEnrollmentSvc - ok
16:07:47.0229 0x1b54  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
16:07:47.0276 0x1b54  dmvsc - ok
16:07:47.0307 0x1b54  [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
16:07:47.0369 0x1b54  dmwappushservice - ok
16:07:47.0401 0x1b54  [ 5839A317C25F70979433E0905DFABB1B, 7F1CD50C77A33A10259D8A208A355BE7ECAFEA69F810AD908EF8878A792741AF ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:07:47.0463 0x1b54  Dnscache - ok
16:07:47.0510 0x1b54  [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
16:07:47.0557 0x1b54  dot3svc - ok
16:07:47.0588 0x1b54  [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS             C:\WINDOWS\system32\dps.dll
16:07:47.0635 0x1b54  DPS - ok
16:07:47.0666 0x1b54  [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud         C:\WINDOWS\System32\drivers\drmkaud.sys
16:07:47.0698 0x1b54  drmkaud - ok
16:07:47.0744 0x1b54  [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
16:07:47.0807 0x1b54  DsmSvc - ok
16:07:47.0854 0x1b54  [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
16:07:47.0901 0x1b54  DsSvc - ok
16:07:48.0010 0x1b54  [ 48D8729FACC784900B831212AE56F824, 6AAE1E78B84D0C12B99BE050B787AA167E6BA0B5AA621BEE0DB5312A4771DA63 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
16:07:48.0119 0x1b54  DXGKrnl - ok
16:07:48.0151 0x1b54  [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
16:07:55.0440 0x1b54  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:07:55.0503 0x1b54  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
16:07:57.0863 0x1b54  Detect skipped due to KSN trusted
16:07:57.0863 0x1b54  Intel(R) Capability Licensing Service Interface - ok
16:08:05.0399 0x1b54  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
16:08:05.0414 0x1b54  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:08:07.0790 0x1b54  Detect skipped due to KSN trusted
16:08:07.0790 0x1b54  Net Driver HPZ12 - ok
16:08:11.0681 0x1b54  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
16:08:11.0697 0x1b54  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:08:14.0044 0x1b54  Detect skipped due to KSN trusted
16:08:14.0044 0x1b54  Pml Driver HPZ12 - ok
16:08:26.0500 0x1b54  TimeBroker - ok
16:08:26.0547 0x1b54  [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
16:08:26.0562 0x1b54  TPM - ok
16:08:26.0593 0x1b54  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\WINDOWS\System32\trkwks.dll
16:08:26.0640 0x1b54  TrkWks - ok
16:08:26.0703 0x1b54  [ 879694CD080FAA9193C704DB42852A98, 272B087E8C4E9A106950801DE1EEED63C859EA66382A7F35790AEA6E595526B9 ] trufos          C:\WINDOWS\system32\DRIVERS\trufos.sys
16:08:26.0734 0x1b54  trufos - ok
16:08:26.0812 0x1b54  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
16:08:26.0837 0x1b54  TrustedInstaller - ok
16:08:26.0853 0x1b54  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
16:08:26.0900 0x1b54  tsusbflt - ok
16:08:26.0915 0x1b54  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
16:08:26.0962 0x1b54  TsUsbGD - ok
16:08:27.0009 0x1b54  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
16:08:27.0056 0x1b54  tunnel - ok
16:08:27.0087 0x1b54  [ 56C238ACFE4CB020D3E38508249039EA, 172868080F07D98175229A02410FE751B5958ED5A3D567D4AE5736F4025DF432 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
16:08:27.0118 0x1b54  tzautoupdate - ok
16:08:27.0150 0x1b54  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
16:08:27.0196 0x1b54  uagp35 - ok
16:08:27.0212 0x1b54  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
16:08:27.0259 0x1b54  UASPStor - ok
16:08:27.0306 0x1b54  [ 82D3B1F4D80057826AA649D78147DE36, 344A738F6866BFD3095BB802206DDB2F9E9AD89DC39CAA7DE96455F410683829 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
16:08:27.0337 0x1b54  UcmCx0101 - ok
16:08:27.0353 0x1b54  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
16:08:27.0415 0x1b54  UcmUcsi - ok
16:08:27.0446 0x1b54  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
16:08:27.0478 0x1b54  Ucx01000 - ok
16:08:27.0525 0x1b54  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
16:08:27.0571 0x1b54  UdeCx - ok
16:08:27.0618 0x1b54  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
16:08:27.0681 0x1b54  udfs - ok
16:08:27.0696 0x1b54  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
16:08:27.0728 0x1b54  UEFI - ok
16:08:27.0775 0x1b54  [ 28B8E1C6CBCF9FFE2FABFF3160C26ADF, 1C90E6C4E17C9B5555151943970BB6CC196E7EFC6665D9B9DCBB1EC51C70C715 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
16:08:27.0837 0x1b54  Ufx01000 - ok
16:08:27.0853 0x1b54  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
16:08:27.0884 0x1b54  UfxChipidea - ok
16:08:27.0931 0x1b54  [ 2A87EA182EA333D79AA0B03833EA67F2, 227792A8B4E63CF60A3DEECF829448C8FD59A40DEF3F42414E432820F8D34F64 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
16:08:27.0978 0x1b54  ufxsynopsys - ok
16:08:28.0009 0x1b54  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
16:08:28.0056 0x1b54  UI0Detect - ok
16:08:28.0087 0x1b54  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
16:08:28.0118 0x1b54  uliagpkx - ok
16:08:28.0150 0x1b54  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
16:08:28.0196 0x1b54  umbus - ok
16:08:28.0228 0x1b54  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
16:08:28.0243 0x1b54  UmPass - ok
16:08:28.0337 0x1b54  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
16:08:28.0400 0x1b54  UmRdpService - ok
16:08:28.0478 0x1b54  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
16:08:28.0587 0x1b54  UnistoreSvc - ok
16:08:28.0806 0x1b54  [ 019EA723AE8288231C602F41343735DC, F3A2FE6FAD9BF2FD5A683F08C71CB5993CE450AB7D3FB488F6DCED573E2C4373 ] UPDATESRV       C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
16:08:28.0853 0x1b54  UPDATESRV - ok
16:08:28.0915 0x1b54  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:08:28.0978 0x1b54  upnphost - ok
16:08:29.0025 0x1b54  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
16:08:29.0056 0x1b54  UrsChipidea - ok
16:08:29.0056 0x1b54  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
16:08:29.0087 0x1b54  UrsCx01000 - ok
16:08:29.0103 0x1b54  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
16:08:29.0134 0x1b54  UrsSynopsys - ok
16:08:29.0165 0x1b54  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
16:08:29.0196 0x1b54  USBAAPL64 - ok
16:08:29.0243 0x1b54  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
16:08:29.0259 0x1b54  usbccgp - ok
16:08:29.0306 0x1b54  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
16:08:29.0353 0x1b54  usbcir - ok
16:08:29.0384 0x1b54  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
16:08:29.0415 0x1b54  usbehci - ok
16:08:29.0462 0x1b54  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
16:08:29.0525 0x1b54  usbhub - ok
16:08:29.0587 0x1b54  [ E7463CE8579A0418A98BE9BE42C647D7, 923CD51C82FCF9DC4E9EEA99E53634EE07EBF62FB5DFC337F01309D7D5C7622C ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
16:08:29.0634 0x1b54  USBHUB3 - ok
16:08:29.0681 0x1b54  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
16:08:29.0712 0x1b54  usbohci - ok
16:08:29.0743 0x1b54  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
16:08:29.0759 0x1b54  usbprint - ok
16:08:29.0821 0x1b54  [ 4AAD6547953D373A1EB5B2DF583D868B, 4E3DCEC9644550996C314FCC39F885DDE4AA7AD821B8596D96C5BEA5D60795F7 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
16:08:29.0847 0x1b54  usbser - ok
16:08:29.0894 0x1b54  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
16:08:29.0926 0x1b54  USBSTOR - ok
16:08:29.0972 0x1b54  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
16:08:29.0988 0x1b54  usbuhci - ok
16:08:30.0051 0x1b54  [ 4B13B61CBB9CC3CB373C60B930D648F5, C79D10A1BF2B6BF141DD37A90BCCA0E1F2AF31B5028BB21537A8EE6EED630F5B ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
16:08:30.0097 0x1b54  usbvideo - ok
16:08:30.0176 0x1b54  [ 9E9D58F5E1702955B2F4D62996F80E8E, 6C21C250B9D98346D0D5CB7D6C11AB120A1D195C28313BDB0CE532663F0114E2 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
16:08:30.0238 0x1b54  USBXHCI - ok
16:08:30.0332 0x1b54  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
16:08:30.0457 0x1b54  UserDataSvc - ok
16:08:30.0551 0x1b54  [ 36EC82F0E399F36BD25F593D63DC144A,
         

Old 11.06.2016, 15:17   #5
MauD85
 
Redirect to a third-party site - Default

Redirect to a third-party site



And here is the rest of the TDSS log file:

16:08:42.0560 0x1b54  [ 1061A6E95A99375F1322A8874EC9BE91, 112F4B523A89D173A0A21C22F29D8D1223EC17077282C2ECD380E8A9F4046456 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
16:08:42.0623 0x1b54  RtHDVBg_Dolby - ok
16:08:42.0779 0x1b54  [ 5B72629C8144D1A96490D4C090D28DA1, 114891B9E7E05D2B86C8E3CD7B4096088491E338C3B1902F9352D40B47DD418C ] c:\Program Files\Microsoft IntelliPoint\ipoint.exe
16:08:42.0905 0x1b54  IntelliPoint - ok
16:08:43.0015 0x1b54  [ 655338505A9CE661A9C3E3F00E69C9B5, F9D29E0977F63A51137DF087F5105E8257CBD5EB608A0534166D3E6DCF8B6729 ] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
16:08:43.0093 0x1b54  FileOpenBroker - ok
16:08:43.0093 0x1b54  SynTPEnh - ok
16:08:43.0140 0x1b54  [ 747CEF68DA0B3BABD64B74C0E06C050E, C640AF94F66025E8B9937A37A361547580DB3F0B5F62F21E8B30A087BE018015 ] C:\Program Files\iTunes\iTunesHelper.exe
16:08:43.0171 0x1b54  iTunesHelper - ok
16:08:43.0233 0x1b54  [ 1606A7B4DA56B3BA369FC612F45A3362, A50B1FADEA3DB60E8D5F18390FD34D8F95D3F0C2C4F78F3791177FCD9CFB21F0 ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
16:08:43.0952 0x1b54  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
16:08:46.0282 0x1b54  Detect skipped due to KSN trusted
16:08:46.0282 0x1b54  FreePDF Assistant - ok
16:08:46.0376 0x1b54  [ D658AB1B55127D18DCFBCAC8CAAEA522, 9FB818F3899542CB7F1B979644423A66842D98D1762B1C38AE04AEE23320DA8E ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
16:08:46.0454 0x1b54  HP Software Update - ok
16:08:46.0860 0x1b54  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
16:08:47.0298 0x1b54  OneDriveSetup - ok
16:08:47.0673 0x1b54  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
16:08:47.0970 0x1b54  OneDriveSetup - ok
16:08:48.0173 0x1b54  [ 338EA8481D3494E2E1DD7EA1731A0ECD, BD97433E03CABD4F498817A7374E12E3DF74509DF2F00974B30FD728736ABAFD ] C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
16:08:48.0329 0x1b54  HP ENVY 4500 series (NET) - ok
16:08:48.0470 0x1b54  [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\OneDrive.exe
16:08:48.0532 0x1b54  OneDrive - ok
16:08:48.0595 0x1b54  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
16:08:48.0626 0x1b54  Dropbox Update - ok
16:08:48.0626 0x1b54  Waiting for KSN requests completion. In queue: 6
16:08:49.0642 0x1b54  Waiting for KSN requests completion. In queue: 6
16:08:50.0658 0x1b54  Waiting for KSN requests completion. In queue: 6
16:08:51.0673 0x1b54  Waiting for KSN requests completion. In queue: 6
16:08:52.0705 0x1b54  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
16:08:52.0705 0x1b54  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2016\wscfix.exe ( 20.0.26.1443 ), 0x41000 ( enabled : updated )
16:08:52.0721 0x1b54  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2016\wscfix.exe ( 20.0.26.1443 ), 0x41010 ( enabled )
16:08:55.0143 0x1b54  ============================================================
16:08:55.0143 0x1b54  Scan finished
16:08:55.0143 0x1b54  ============================================================
16:08:55.0159 0x0878  Detected object count: 0
16:08:55.0159 0x0878  Actual detected object count: 0
16:11:07.0684 0x1ee4  Deinitialize success
         
No sooner had I written that than a click on a normal link redirected me to another page again....damn it!


12.06.2016, 13:03   #6
M-K-D-B
/// TB-Ausbilder

Hi,





Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Hosts: 127.0.0.1 clients2.google.com 
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
U2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {219292A0-E379-4E1E-8BE8-55DC79AEAD1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23969FDE-1588-404A-AE41-51F3760E9905} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {31988C96-2A9C-4316-95FB-4484ED042B0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {552ED0A1-D4A0-49D7-A22D-6392EF807322} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {84843A29-6A20-4951-921F-85A1AD08A7B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CA7D06D2-26FD-4CB1-A507-907D493876B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
C:\ProgramData\VideoFetcher
Task: {CF83D749-069F-4351-A617-3A2796FD7C71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
Task: {E3201634-DB57-4D3E-A28B-A501CC9C0168} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {FB5DD166-45D2-4E6D-B259-56E52A17C6CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
Unlock: C:\FRST
EmptyTemp:
end
         

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :regfind
    VideoFetcher
    Web Companion
    webcompanion
    StarkIndustry
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.







Step 3
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





Step 4
  • Disable your antivirus program.
  • Go to the folder C:\FRST\Quarantine.
  • Right-click the Quarantine folder and choose > Send to > Compressed (zipped) folder.
  • A zip file named Quarantine.zip is created in the FRST folder.
  • Upload Quarantine.zip in the upload channel.
  • To do so, click Browse, navigate to the zip file ( C:\FRST\Quarantine.zip ) and click Open.
  • Finally, click Upload.
  • Thank you for your help.
  • Re-enable your antivirus program.






With your next reply, please post
  • the log file of the FRST fix,
  • the log file from SystemLook,
  • the two new log files from FRST,
  • feedback regarding the upload.
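An added example, not part of the original thread and not FRST's own logic: a small Python triage pass over FRST-style `Task:` and service lines like those in the fixlist above. It separates entries whose target file is missing from entries that still execute something, using patterns visible in that fixlist (PowerShell started with `-ExecutionPolicy Bypass`, a 32-character hex name, an executable under `C:\ProgramData`). The finding names and the two-level ranking are assumptions made for this illustration.

```python
import re

# Lines copied verbatim from the fixlist in the post above (FRST output, German UI).
SAMPLE = r"""
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
""".strip().splitlines()

# The patterns below are assumptions chosen for this illustration, not FRST rules.
HEX32 = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])", re.I)
# -ExecutionPolicy and its short spellings (-ex, -ep) followed by "Bypass"
PS_BYPASS = re.compile(r"powershell(?:\.exe)?\b.*\s-(?:ep|ex[a-z]*)\s+bypass\b", re.I)
PROGRAMDATA_EXE = re.compile(r'[a-z]:\\programdata\\[^"]+\.exe\b', re.I)
MISSING = re.compile(r"(?:Keine Datei|No File)\b", re.I)  # German / English FRST text
TASK = re.compile(r"^Task: \{[0-9A-F-]{36}\} - (.+)$", re.I)
SERVICE = re.compile(r"^[RSU][0-5] ([^;]+); (.+)$")

# Findings that mean the entry still runs something, as opposed to a leftover.
EXECUTION_FINDINGS = {"powershell-policy-bypass", "hex-named", "exe-in-programdata"}


def rank(findings):
    """Assumed ranking: entries that execute code outrank orphaned leftovers."""
    if EXECUTION_FINDINGS & set(findings):
        return "review-first"
    return "orphaned" if findings else "none"


def triage_line(line):
    """Return (kind, name, rank, findings) for a Task:/service line, else None."""
    line = line.strip()
    m = TASK.match(line)
    if m:
        # "<task path> => <action>" or "<task path> -> Keine Datei ..."
        parts = re.split(r" (?:=>|->) ", m.group(1), maxsplit=1)
        action = parts[1] if len(parts) > 1 else ""
        name = parts[0].rsplit("\\", 1)[-1]
        findings = []
        if MISSING.match(action):
            findings.append("missing-target")
        if PS_BYPASS.search(action):
            findings.append("powershell-policy-bypass")
        if HEX32.search(name) or HEX32.search(action):
            findings.append("hex-named")
        if PROGRAMDATA_EXE.search(action):
            findings.append("exe-in-programdata")
        return ("task", name, rank(findings), findings)
    m = SERVICE.match(line)
    if m:
        # FRST marks an entry whose file it could not find with a trailing [X].
        findings = ["missing-target"] if m.group(2).rstrip().endswith("[X]") else []
        return ("service", m.group(1), rank(findings), findings)
    return None


def triage(lines):
    """Triage every recognised line; unrecognised lines are skipped."""
    return [r for r in (triage_line(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for kind, name, level, findings in triage(SAMPLE):
        print(f"{level:12} {kind:8} {name}  {', '.join(findings) or '-'}")
```

The `ACHTUNG` marker appears on both the orphaned GWX task and the VideoFetcher task, so the marker alone does not separate a leftover from an entry that still launches a program; the action field does.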

13.06.2016, 12:06   #7
MauD85

Hi, and here we go:

Fixlog.txt:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von Mandy85 (2016-06-13 12:47:38) Run:1
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Hosts: 127.0.0.1 clients2.google.com 
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
U2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {219292A0-E379-4E1E-8BE8-55DC79AEAD1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23969FDE-1588-404A-AE41-51F3760E9905} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {31988C96-2A9C-4316-95FB-4484ED042B0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {552ED0A1-D4A0-49D7-A22D-6392EF807322} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {84843A29-6A20-4951-921F-85A1AD08A7B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CA7D06D2-26FD-4CB1-A507-907D493876B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
C:\ProgramData\VideoFetcher
Task: {CF83D749-069F-4351-A617-3A2796FD7C71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
Task: {E3201634-DB57-4D3E-A28B-A501CC9C0168} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {FB5DD166-45D2-4E6D-B259-56E52A17C6CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
Unlock: C:\FRST
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
         

And Systemlook.txt:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:48 on 13/06/2016 by Mandy85
Administrator - Elevation successful

========== regfind ==========

Searching for "VideoFetcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE810D14-84E3-4AF4-8AF9-B97792B13978}]
"Path"="\Microsoft\Windows\Media Center\VideoFetcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE810D14-84E3-4AF4-8AF9-B97792B13978}]
"URI"="\Microsoft\Windows\Media Center\VideoFetcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VideoFetcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VideoFetcher_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VideoFetcher_RASMANCS]

Searching for "Web Companion"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"DisplayName"="Web Companion"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"DisplayIcon"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"UninstallString"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LavasoftTcpService]
"Description"="Lavasoft service for supporting the Web Companion family of applications"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LavasoftTcpService]
"ImagePath"="C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService]
"Description"="Lavasoft service for supporting the Web Companion family of applications"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService]
"ImagePath"="C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"

Searching for "webcompanion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\WebCompanion.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"DisplayIcon"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"UninstallString"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com]

Searching for "StarkIndustry"
[HKEY_CURRENT_USER\SOFTWARE\StarkIndustry]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\650F32AB9A493B5498422EF35D41C854]
"0964FD3B82A837141BDCE75F4F3CB069"="01:\Software\StarkIndustry\AdBlocker\installed"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F75D64D236F9DE44C8D0A96B055AD732]
"0964FD3B82A837141BDCE75F4F3CB069"="02:\Software\StarkIndustry\AdBlocker\Active"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0964FD3B82A837141BDCE75F4F3CB069\InstallProperties]
"Publisher"="StarkIndustry"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}]
"Publisher"="StarkIndustry"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3DF4690-8A28-4173-B1CD-7EF5F4C30B96}]
"Publisher"="StarkIndustry"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\StarkIndustry]
[HKEY_USERS\S-1-5-21-2819549147-2898331595-3477625086-1001\SOFTWARE\StarkIndustry]

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>               
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.0"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                       
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="5.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>     

-= EOF =-
         
Here is FRST.txt:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
durchgeführt von Mandy85 (Administrator) auf MANDY (13-06-2016 12:52:26)
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [Dropbox Update] => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-07] (Dropbox, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\MountPoints2: {7dbe2de1-c2f3-11e3-be7c-089e01e6ef9a} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 127.0.0.1 clients2.google.com 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd1ff5b1-c692-4e4d-aee3-93493828d56c}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.gwdg.de/CACHE/stc/6/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Ad-Aware Ad Block - C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2016-06-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-23] (Digital Wave Ltd.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
U2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-06-10] ()
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-10] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-13 12:52 - 2016-06-13 12:53 - 00015724 _____ C:\Users\Mandy85\Desktop\FRST.txt
2016-06-13 12:48 - 2016-06-13 12:51 - 00014568 _____ C:\Users\Mandy85\Desktop\SystemLook.txt
2016-06-13 12:48 - 2016-06-13 12:48 - 00165376 _____ C:\Users\Mandy85\Desktop\SystemLook_x64.exe
2016-06-13 12:47 - 2016-06-13 12:47 - 00002910 _____ C:\Users\Mandy85\Desktop\Fixlog.txt
2016-06-13 12:47 - 2016-06-13 12:47 - 00002417 _____ C:\Users\Mandy85\Desktop\Fixlist.txt
2016-06-13 12:47 - 2016-06-13 12:47 - 00000000 ____D C:\Users\Mandy85\Desktop\FRST-OlderVersion
2016-06-11 16:06 - 2016-06-11 16:11 - 00263128 _____ C:\TDSSKiller.3.1.0.9_11.06.2016_16.06.45_log.txt
2016-06-11 16:05 - 2016-06-11 16:06 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Mandy85\Desktop\tdsskiller.exe
2016-06-11 15:59 - 2016-06-13 12:47 - 02385408 _____ (Farbar) C:\Users\Mandy85\Desktop\FRST64.exe
2016-06-11 15:59 - 2016-06-13 12:47 - 00000000 ____D C:\FRST
2016-06-10 20:26 - 2016-06-10 20:26 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-06-10 17:09 - 2016-06-10 19:07 - 00000000 ____D C:\Program Files\Reason
2016-06-10 15:28 - 2016-06-10 15:28 - 00000578 _____ C:\WINDOWS\system32\.crusader
2016-06-10 15:22 - 2016-06-10 15:22 - 00000385 _____ C:\Users\Mandy85\AppData\Roaminguser_gensett.xml
2016-06-10 15:17 - 2016-06-11 11:01 - 00004718 _____ C:\bdlog.txt
2016-06-10 15:16 - 2016-06-10 15:16 - 00000000 ____D C:\Users\Mandy85\AppData\Temp
2016-06-10 15:06 - 2016-06-10 15:06 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-10 15:04 - 2016-06-10 15:04 - 00002278 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-10 15:04 - 2016-06-10 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-10 15:03 - 2016-06-10 15:03 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-10 15:03 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-06-10 15:03 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-10 15:02 - 2016-06-10 15:11 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Bitdefender
2016-06-10 15:02 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-10 15:02 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-10 15:02 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-06-10 15:02 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-06-10 14:57 - 2016-06-10 15:12 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\QuickScan
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-10 14:57 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-10 14:57 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-10 14:49 - 2016-06-10 14:49 - 00019992 _____ C:\Users\Mandy85\Desktop\bookmarks-2016-06-10.json
2016-06-10 14:26 - 2016-06-10 20:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-10 14:25 - 2016-06-10 15:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-10 13:06 - 2016-06-10 20:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-10 13:05 - 2016-06-10 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-10 12:48 - 2016-06-10 12:57 - 00000000 ____D C:\AdwCleaner
2016-06-10 12:43 - 2016-06-10 12:43 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-06-10 12:36 - 2016-06-10 12:36 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-10 12:34 - 2016-06-13 12:45 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-10 12:34 - 2016-06-10 12:34 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-10 12:13 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-10 12:05 - 2016-06-10 12:05 - 00000000 ____D C:\OETemp
2016-06-10 12:03 - 2016-06-10 12:21 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-06-10 12:03 - 2016-06-10 12:09 - 00031443 _____ C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
2016-06-10 12:03 - 2016-06-10 12:09 - 00003718 _____ C:\WINDOWS\System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130
2016-06-10 12:02 - 2016-06-10 12:02 - 00001542 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firefoх.lnk
2016-06-10 12:02 - 2016-06-10 12:02 - 00000000 ____D C:\ProgramData\VideoFetcher
2016-06-10 10:47 - 2016-06-10 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-07 15:34 - 2016-06-07 15:34 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-06 13:52 - 2016-06-06 13:52 - 01661549 _____ C:\Users\Mandy85\Desktop\BKK Bonusprogramm Hrube.pdf
2016-06-06 11:00 - 2016-06-06 11:00 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 11:00 - 2016-06-06 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 10:59 - 2016-06-06 11:00 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files\iPod
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-29 10:49 - 2016-05-29 11:03 - 00000000 ____D C:\Users\Mandy85\Desktop\Bewerbung
2016-05-28 15:32 - 2016-05-28 15:32 - 00000000 ____D C:\$SysReset
2016-05-17 10:33 - 2016-05-17 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-13 12:47 - 2014-04-13 00:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-13 12:31 - 2016-05-07 11:26 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job
2016-06-13 11:31 - 2016-05-07 11:26 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job
2016-06-13 10:48 - 2014-08-31 14:59 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E328451F-3FA5-4D5A-A3C6-266B1F172D19}
2016-06-13 10:46 - 2016-03-13 11:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-13 10:46 - 2014-08-29 13:23 - 00000000 __SHD C:\Users\Mandy85\IntelGraphicsProfiles
2016-06-12 20:59 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Deployment
2016-06-12 20:58 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Packages
2016-06-12 12:06 - 2015-09-12 09:15 - 00000098 _____ C:\Users\Mandy85\Desktop\to do.txt
2016-06-12 11:48 - 2016-05-07 17:48 - 00000000 ____D C:\Users\Mandy85\Desktop\Schuldrecht
2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-11 11:01 - 2016-03-13 12:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-11 11:01 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-11 10:57 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-10 20:17 - 2014-04-10 17:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-10 20:13 - 2012-07-26 07:26 - 00000234 _____ C:\WINDOWS\win.ini
2016-06-10 19:27 - 2015-08-30 11:39 - 00000000 ____D C:\ProgramData\PDF Architect 3
2016-06-10 19:26 - 2015-12-27 13:40 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-06-10 18:15 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-10 18:10 - 2014-04-08 19:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-10 16:47 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\VirtualStore
2016-06-10 16:19 - 2014-08-08 10:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-10 15:56 - 2014-05-21 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-10 15:56 - 2014-05-21 10:58 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-10 13:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Lavasoft
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-06-10 12:57 - 2015-08-30 11:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-10 12:23 - 2014-04-08 19:16 - 00000000 ____D C:\ProgramData\Avira
2016-06-10 12:08 - 2014-04-08 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-10 12:07 - 2014-04-08 19:20 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Avira
2016-06-10 11:53 - 2012-03-11 20:27 - 00000000 ___RD C:\Users\Mandy85\Desktop\Diverses
2016-06-10 11:52 - 2014-04-10 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 17:35 - 2016-05-02 10:07 - 00000783 _____ C:\Users\Mandy85\Desktop\to do allgemein.txt
2016-06-09 17:04 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-09 17:04 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-09 17:04 - 2015-10-20 22:15 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-07 15:34 - 2014-04-13 17:27 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Dropbox
2016-06-06 10:59 - 2014-04-13 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-05 17:54 - 2014-06-29 16:40 - 00000000 ____D C:\Users\Mandy85\Desktop\Musik
2016-06-05 10:10 - 2016-03-28 10:29 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\DVDVideoSoft
2016-06-03 15:41 - 2014-04-08 19:16 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Skype
2016-06-03 15:37 - 2014-04-08 19:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Users\Mandy85\AppData\Local\PokerStars.EU
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-06-02 13:44 - 2015-11-22 15:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-28 15:18 - 2016-02-01 12:46 - 00000000 ____D C:\Users\Mandy85\AppData\Local\MicrosoftEdge
2016-05-19 11:56 - 2015-10-20 22:34 - 00002432 _____ C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-19 11:56 - 2015-10-20 22:34 - 00000000 ___RD C:\Users\Mandy85\OneDrive
2016-05-17 18:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\ProgramData\Cisco
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-05-14 16:53 - 2016-03-13 11:53 - 00000000 ____D C:\Users\Mandy85
2016-05-14 13:51 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-10 11:52 - 2014-07-10 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-05 17:45 - 2013-10-05 17:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-21 10:57 - 2016-06-10 18:13 - 0002894 _____ () C:\ProgramData\hpzinstall.log
2015-08-15 11:51 - 2015-08-25 21:00 - 0000528 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Einige Dateien in TEMP:
====================
C:\Users\Mandy85\AppData\Local\Temp\adblocker4.exe
C:\Users\Mandy85\AppData\Local\Temp\avgnt.exe
C:\Users\Mandy85\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz7p5tx.dll
C:\Users\Mandy85\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mandy85\AppData\Local\Temp\libeay32.dll
C:\Users\Mandy85\AppData\Local\Temp\msvcr120.dll
C:\Users\Mandy85\AppData\Local\Temp\sparpilot_installmonster.exe
C:\Users\Mandy85\AppData\Local\Temp\sqlite3.dll
C:\Users\Mandy85\AppData\Local\Temp\startipm.bat.exe
C:\Users\Mandy85\AppData\Local\Temp\VideoBox.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 10:49

==================== Ende von FRST.txt ============================
         
And Addition.txt:


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von Mandy85 (2016-06-13 12:53:54)
Gestartet von C:\Users\Mandy85\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-13 10:24:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2819549147-2898331595-3477625086-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2819549147-2898331595-3477625086-503 - Limited - Disabled)
Gast (S-1-5-21-2819549147-2898331595-3477625086-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819549147-2898331595-3477625086-1005 - Limited - Enabled)
Mandy85 (S-1-5-21-2819549147-2898331595-3477625086-1001 - Administrator - Enabled) => C:\Users\Mandy85

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
AdBlocker (HKLM-x32\...\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}) (Version: 4.1.1.0 - StarkIndustry) <==== ACHTUNG
AdBlocker (x32 Version: 4.1.1.0 - StarkIndustry) Hidden <==== ACHTUNG
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileOpen Client (x64) B928 (HKLM\...\{3ED9A79B-1419-4C5F-BA88-EFD6F180EBE5}) (Version: 3.0.95.928 - FileOpen Systems, Inc.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{aff566ab-c960-452f-9b59-77f0981ce4d7}) (Version: 2.3.1384.2669 - Lavasoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {009C2EAD-BCCE-428B-8764-FA0FE89C67DA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {219292A0-E379-4E1E-8BE8-55DC79AEAD1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23969FDE-1588-404A-AE41-51F3760E9905} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {28E478A1-BD8B-420D-B002-87FE4B04C11A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {31988C96-2A9C-4316-95FB-4484ED042B0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {330A7D6E-B7AC-4A57-93E6-709BF7402126} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {39F28A47-0D3E-4C86-90FD-D0EF768E8179} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3AF54698-227D-4EE5-8D87-91D9FD5C04C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {552ED0A1-D4A0-49D7-A22D-6392EF807322} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {575145B1-F06C-44FF-9BAC-9C782313EEC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {6FF28BBC-80F5-420B-A3C0-B55A144BF03C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7738D642-2C81-4F34-9527-53B972F0554F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {84843A29-6A20-4951-921F-85A1AD08A7B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {931A48DE-860F-4B3E-8BB6-97F75A48AED3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {974AE9E6-D2CA-4431-9F86-B33D1A78F0CE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {B0C4191A-59B4-447B-8F04-69017BA89B2F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C00BE087-1242-4F15-9BCD-2FE67A927D22} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C4B6A259-F0AC-4A76-80FC-9278A25D8B3B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {CA7D06D2-26FD-4CB1-A507-907D493876B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
Task: {CF83D749-069F-4351-A617-3A2796FD7C71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
Task: {DDA4AC88-DA03-44A2-9EB5-19F4B8253AEC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E3201634-DB57-4D3E-A28B-A501CC9C0168} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {E7BE02EC-B677-4A4D-BBCD-6FF28000BBF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {E7C36DA6-BA32-4825-8E33-6127E1DF742D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F74F3580-506E-4AD3-A7D8-6389C27C5122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {FB5DD166-45D2-4E6D-B259-56E52A17C6CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-06-10 15:02 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-06-10 15:02 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00959168 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-10-05 18:03 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-05-11 14:22 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:22 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-13 11:35 - 2016-03-13 11:35 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:21 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-23 15:27 - 2015-12-23 15:27 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandy85\Desktop\SystemLook_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Mandy85\Desktop\tdsskiller.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-06-13 12:45 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com 

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandy85\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\StartupApproved\Run: => "BrowserChoice"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE16DB55-3448-41B4-AEBB-6B0D5139FDFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10B8F0E-BC5F-4BBD-9984-DACACF091B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C82A3AA-44CF-4DB2-A42B-2F1A17F7D0CB}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{726538A5-3BCE-41FB-8E5C-F068CCDDF1CB}] => (Allow) LPort=5357
FirewallRules: [{3731ECD6-96F2-4875-8A29-A93E0777BA3D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{834FADE1-CBBE-4F12-ABD0-D24A4C978059}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{D0627080-2107-42E9-9D6F-A55DA805090A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E77F4DCB-DEED-480D-BC55-17A4A9589883}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C2714E79-59AF-4429-9A06-E70D9E4CFA78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F735367C-889F-4A83-917C-5AB8BB9C08B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{80F933EF-B441-42A8-BED9-370EBF11F053}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{FDEDE01A-0AD2-4F5E-8691-688D1D5F9774}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{A9247B39-67D4-4687-AEAE-59A9CB7DB090}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BF054137-D8BB-41B1-8131-892016F8311D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E38BB25F-F9E1-47CE-BA4E-0C5872373956}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7EAB9F98-68F5-4147-AA22-5EE8EEE010AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A6E78499-1F62-40A8-9692-59B9B1FE8832}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CA47D9D6-D151-41FB-8530-87C18646810E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AC72F3E7-DD52-4C40-8911-D920DE52448D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5F72E62-61BC-4A22-A352-35ECCDDF440D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{133DBA7E-71BF-4714-85D9-E76B17757309}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FFC6105F-3FDB-4041-89EE-A5D399A1FAE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{78BDA0A5-8379-4E3F-9DD8-4BB20F3E950A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{60ED60ED-A553-465F-907D-4BB761AE265C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FCBC375E-6537-428F-981A-E8EBF8D11242}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F684E320-6333-427A-A285-09D6FAB2D2C1}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F9C587CE-B4DD-45AA-9E15-36915C96F8D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CC6346B-C836-495B-B70D-C36652E0BF04}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ACBB40FA-0747-4562-9562-4546B7BC58B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5933716-2F7C-4D8C-A736-1BB175A9A2C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C145D6A-789F-4542-896C-1AE84640A05B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5D7C4460-1404-4AA0-BAAD-FF2CACEA4F14}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{605BB654-018F-4AF8-BD35-9CCBA2184B75}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29891796-F3C2-4651-9A1C-E5318EA7F5E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{560DD717-0809-4E71-881F-7973A916AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{147DD520-8B5B-4E0F-8139-04F38517F780}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{75833E1C-313A-4269-BF0E-F6C3A39EAEA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{32E4CE4F-1B82-42FB-8C10-BB9D269DE2E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{8CF1B0BD-91BA-458C-A66F-AFF7936A1236}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{AF748F03-5979-4B89-B0F8-1ECF60ADBBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2AC2B658-5E33-457F-A20C-58FFF42F31AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9793FCFC-1FC5-492C-973E-B2AA4086167F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B3A0E4D6-44A0-4934-A22A-D42119335FC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{A02F5DD8-503B-4E18-BEF8-AD7AAAE7C47D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B8FCC90B-5CAE-49F8-A5FE-354FD3481893}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A287AFF-AEAF-47FB-A2D2-8F2B56ECA7A8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{AA24E7A9-7EDE-46A8-A815-FAEE7AFFF659}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{47453C64-ED6A-40F3-BD3C-48834B70203F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{3B2FBB27-4092-4B9B-94E6-0B427F493B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{42FF2468-0E05-4A6C-9563-FAE7E6517E35}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BCCBFC24-F941-4A26-892A-1A0D9BB81465}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{814039D2-D9A5-46DD-AEC8-E28F63B94CD8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8E578593-A08D-4D6B-BB46-38C977439879}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AA7C6A4-925A-42D4-B203-5166ACF9BD63}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AD9751DC-1387-4474-B15E-1B944D565CB5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{50F41FC0-DD8A-45E6-9563-62F8E297C04B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{64465223-B060-4B3A-A4CC-2DD80071E511}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F2ECEB75-552B-42E5-8E41-1064C2DFC3CC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{202F81ED-B0F5-4B69-83C0-14BD04CC68CE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{59D9E35E-3977-42AC-A56E-2D01D1B78C7F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{26273E9A-A545-4382-95D9-7D34CD5B8EB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43155AB8-E284-43EA-83EE-5E461A5B576C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1AA8DED2-5885-490A-A493-F8FD7A079865}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{785E8305-1D7A-4094-A42D-5FBFD0638181}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A24D72F6-4ED7-4DA4-8973-1BC727B37D65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9060493-1071-4DF4-A653-7CAE0A456711}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1D6B457-BA76-44C8-9FC5-29D80E624DF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0CCC29B-00F7-439F-8FBC-579D84143473}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55F60B9F-33DC-4A9D-BF34-E561EAB9FC36}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

26-05-2016 12:21:15 Geplanter Prüfpunkt
02-06-2016 16:37:00 Geplanter Prüfpunkt
10-06-2016 12:02:30 AdBlocker
10-06-2016 19:40:09 JRT Pre-Junkware Removal
10-06-2016 19:44:41 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/11/2016 04:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000a9ba0
ID des fehlerhaften Prozesses: 0x1d5c
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (06/11/2016 04:08:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhostw.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d756
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000231f7
ID des fehlerhaften Prozesses: 0x1d60
Startzeit der fehlerhaften Anwendung: 0xtaskhostw.exe0
Pfad der fehlerhaften Anwendung: taskhostw.exe1
Pfad des fehlerhaften Moduls: taskhostw.exe2
Berichtskennung: taskhostw.exe3
Vollständiger Name des fehlerhaften Pakets: taskhostw.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: taskhostw.exe5

Error: (06/11/2016 10:57:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ApplicationFrameHost.exe, Version 10.0.10586.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1620

Startzeit: 01d1c3bd8d6265dd

Beendigungszeit: 9

Anwendungspfad: C:\Windows\System32\ApplicationFrameHost.exe

Berichts-ID: 8931b023-2fb2-11e6-bed9-089e01e6ef9a

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (06/11/2016 10:57:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Mandy)
Description: Das Paket „windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (06/10/2016 08:30:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xbc8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/10/2016 08:30:09 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (3016) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: 206(bf.cxx:22073): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/10/2016 07:44:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/10/2016 07:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 10.0.10586.11, Zeitstempel: 0x56457cb1
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x56fa0e13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000782c7
ID des fehlerhaften Prozesses: 0x1118
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5

Error: (06/10/2016 07:40:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/10/2016 07:27:45 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Mandy)
Description: Die Anwendung oder der Dienst "PDF Architect 3 Creator" konnte nicht neu gestartet werden.


Systemfehler:
=============
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ProductAgentService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CCDMonitorService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Digital Wave Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Launch Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-05-15 11:30:38.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 16:41:39.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-13 11:20:32.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 09:25:28.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 07:04:59.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 16:59:15.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 08:39:15.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 19:12:40.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-20 13:22:42.631
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-18 13:12:07.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 3976.27 MB
Verfügbarer physikalischer RAM: 2290.91 MB
Summe virtueller Speicher: 4680.27 MB
Verfügbarer virtueller Speicher: 2909.53 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:449.51 GB) (Free:375.36 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9C6396F5)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Step 4 did not work...when I clicked on Send to ZIP-compressed folder, a message appeared saying that it does not work because the folder is empty and therefore cannot be archived.

Alt 13.06.2016, 15:58   #8
M-K-D-B
/// TB-Ausbilder
 



Quote from MauD85:
Step 4 did not work...when I clicked on Send to ZIP-compressed folder, a message appeared saying that it does not work because the folder is empty and therefore cannot be archived.

Yes, because step 1 did not work. Please disable Bitdefender completely beforehand; it only interferes with the cleanup.

So please repeat step 1, then step 3 and step 4 again.

Alt 14.06.2016, 09:21   #9
MauD85
 



Fixlog:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von Mandy85 (2016-06-14 10:09:28) Run:5
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Hosts: 127.0.0.1 clients2.google.com 
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
U2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {219292A0-E379-4E1E-8BE8-55DC79AEAD1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23969FDE-1588-404A-AE41-51F3760E9905} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {31988C96-2A9C-4316-95FB-4484ED042B0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {552ED0A1-D4A0-49D7-A22D-6392EF807322} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {84843A29-6A20-4951-921F-85A1AD08A7B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CA7D06D2-26FD-4CB1-A507-907D493876B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
C:\ProgramData\VideoFetcher
Task: {CF83D749-069F-4351-A617-3A2796FD7C71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
Task: {E3201634-DB57-4D3E-A28B-A501CC9C0168} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {FB5DD166-45D2-4E6D-B259-56E52A17C6CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
Unlock: C:\FRST
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert nicht gefunden.
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
AdBlockerService => Dienst nicht gefunden.
LavasoftTcpService => Dienst nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DF17164-6E75-4C74-86AB-5EA7988A1FAA} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{219292A0-E379-4E1E-8BE8-55DC79AEAD1D} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23969FDE-1588-404A-AE41-51F3760E9905} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31988C96-2A9C-4316-95FB-4484ED042B0A} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{552ED0A1-D4A0-49D7-A22D-6392EF807322} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84843A29-6A20-4951-921F-85A1AD08A7B6} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA7D06D2-26FD-4CB1-A507-907D493876B0} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE810D14-84E3-4AF4-8AF9-B97792B13978} => Schlüssel nicht gefunden. 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VideoFetcher => Schlüssel nicht gefunden. 
"C:\ProgramData\VideoFetcher" => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF83D749-069F-4351-A617-3A2796FD7C71} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} => Schlüssel nicht gefunden. 
C:\WINDOWS\System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bfb7fa6bca096f3265eaf861e87a9130 => Schlüssel nicht gefunden. 
"C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1" => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3201634-DB57-4D3E-A28B-A501CC9C0168} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB5DD166-45D2-4E6D-B259-56E52A17C6CA} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel nicht gefunden. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => Schlüssel nicht gefunden. 
C:\WINDOWS\system32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========

"C:\FRST" => wurde entsperrt
EmptyTemp: => 7.1 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 10:09:40 ====
         
FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
durchgeführt von Mandy85 (Administrator) auf MANDY (14-06-2016 10:12:12)
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [Dropbox Update] => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-07] (Dropbox, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\MountPoints2: {7dbe2de1-c2f3-11e3-be7c-089e01e6ef9a} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd1ff5b1-c692-4e4d-aee3-93493828d56c}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.gwdg.de/CACHE/stc/6/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Ad-Aware Ad Block - C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2016-06-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-23] (Digital Wave Ltd.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-06-10] ()
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-10] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 10:12 - 2016-06-14 10:12 - 00017550 _____ C:\Users\Mandy85\Desktop\FRST.txt
2016-06-14 10:09 - 2016-06-14 10:09 - 00008614 _____ C:\Users\Mandy85\Desktop\Fixlog.txt
2016-06-14 09:57 - 2016-06-14 09:57 - 00025477 _____ C:\ProgramData\1465891031.bdinstall.bin
2016-06-13 13:02 - 2016-06-13 13:02 - 00025477 _____ C:\ProgramData\1465815739.bdinstall.bin
2016-06-13 12:48 - 2016-06-13 12:48 - 00165376 _____ C:\Users\Mandy85\Desktop\SystemLook_x64.exe
2016-06-13 12:47 - 2016-06-14 09:56 - 00000000 ____D C:\Users\Mandy85\Desktop\FRST-OlderVersion
2016-06-11 16:06 - 2016-06-11 16:11 - 00263128 _____ C:\TDSSKiller.3.1.0.9_11.06.2016_16.06.45_log.txt
2016-06-11 16:05 - 2016-06-11 16:06 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Mandy85\Desktop\tdsskiller.exe
2016-06-11 15:59 - 2016-06-14 10:12 - 00000000 ____D C:\FRST
2016-06-11 15:59 - 2016-06-14 09:56 - 02385920 _____ (Farbar) C:\Users\Mandy85\Desktop\FRST64.exe
2016-06-10 20:26 - 2016-06-10 20:26 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-06-10 17:09 - 2016-06-10 19:07 - 00000000 ____D C:\Program Files\Reason
2016-06-10 15:28 - 2016-06-10 15:28 - 00000578 _____ C:\WINDOWS\system32\.crusader
2016-06-10 15:22 - 2016-06-10 15:22 - 00000385 _____ C:\Users\Mandy85\AppData\Roaminguser_gensett.xml
2016-06-10 15:17 - 2016-06-14 10:09 - 00006288 _____ C:\bdlog.txt
2016-06-10 15:16 - 2016-06-10 15:16 - 00000000 ____D C:\Users\Mandy85\AppData\Temp
2016-06-10 15:06 - 2016-06-10 15:06 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-10 15:04 - 2016-06-10 15:04 - 00002278 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-10 15:04 - 2016-06-10 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-10 15:03 - 2016-06-13 13:02 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-10 15:03 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-06-10 15:03 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-10 15:02 - 2016-06-10 15:11 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Bitdefender
2016-06-10 15:02 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-10 15:02 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-10 15:02 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-06-10 15:02 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-06-10 14:57 - 2016-06-10 15:12 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\QuickScan
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-10 14:57 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-10 14:57 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-10 14:26 - 2016-06-10 20:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-10 14:25 - 2016-06-10 15:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-10 13:06 - 2016-06-10 20:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-10 13:05 - 2016-06-10 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-10 12:48 - 2016-06-10 12:57 - 00000000 ____D C:\AdwCleaner
2016-06-10 12:43 - 2016-06-10 12:43 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-06-10 12:36 - 2016-06-10 12:36 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-10 12:34 - 2016-06-14 10:11 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-10 12:34 - 2016-06-10 12:34 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-10 12:13 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-10 12:05 - 2016-06-10 12:05 - 00000000 ____D C:\OETemp
2016-06-10 12:03 - 2016-06-10 12:21 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-06-10 12:02 - 2016-06-10 12:02 - 00001542 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firefoх.lnk
2016-06-10 10:47 - 2016-06-10 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-07 15:34 - 2016-06-07 15:34 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-06 13:52 - 2016-06-06 13:52 - 01661549 _____ C:\Users\Mandy85\Desktop\BKK Bonusprogramm Hrube.pdf
2016-06-06 11:00 - 2016-06-06 11:00 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 11:00 - 2016-06-06 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 10:59 - 2016-06-06 11:00 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files\iPod
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-29 10:49 - 2016-05-29 11:03 - 00000000 ____D C:\Users\Mandy85\Desktop\Bewerbung
2016-05-28 15:32 - 2016-05-28 15:32 - 00000000 ____D C:\$SysReset
2016-05-17 10:33 - 2016-05-17 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 10:11 - 2016-03-13 11:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-14 10:11 - 2014-08-29 13:23 - 00000000 __SHD C:\Users\Mandy85\IntelGraphicsProfiles
2016-06-14 10:10 - 2016-03-13 12:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-14 10:09 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-14 10:04 - 2014-04-16 21:37 - 00000000 ____D C:\Users\Mandy85\AppData\LocalLow\Temp
2016-06-14 09:47 - 2014-04-13 00:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-14 09:44 - 2014-08-31 14:59 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E328451F-3FA5-4D5A-A3C6-266B1F172D19}
2016-06-13 16:21 - 2012-03-11 20:27 - 00000000 ___RD C:\Users\Mandy85\Desktop\Diverses
2016-06-13 16:20 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Deployment
2016-06-13 16:19 - 2014-04-08 19:16 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Skype
2016-06-13 15:56 - 2014-06-29 16:40 - 00000000 ____D C:\Users\Mandy85\Desktop\Musik
2016-06-13 15:52 - 2016-05-02 10:07 - 00000575 _____ C:\Users\Mandy85\Desktop\to do allgemein.txt
2016-06-13 15:44 - 2016-03-28 10:29 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\DVDVideoSoft
2016-06-13 15:31 - 2016-05-07 11:26 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job
2016-06-13 11:31 - 2016-05-07 11:26 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job
2016-06-12 20:58 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Packages
2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-11 10:57 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-10 20:17 - 2014-04-10 17:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-10 20:13 - 2012-07-26 07:26 - 00000234 _____ C:\WINDOWS\win.ini
2016-06-10 19:27 - 2015-08-30 11:39 - 00000000 ____D C:\ProgramData\PDF Architect 3
2016-06-10 19:26 - 2015-12-27 13:40 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-06-10 18:15 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-10 18:10 - 2014-04-08 19:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-10 16:47 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\VirtualStore
2016-06-10 16:19 - 2014-08-08 10:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-10 15:56 - 2014-05-21 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-10 15:56 - 2014-05-21 10:58 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-10 13:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Lavasoft
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-06-10 12:57 - 2015-08-30 11:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-10 12:23 - 2014-04-08 19:16 - 00000000 ____D C:\ProgramData\Avira
2016-06-10 12:08 - 2014-04-08 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-10 12:07 - 2014-04-08 19:20 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Avira
2016-06-10 11:52 - 2014-04-10 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 17:04 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-09 17:04 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-09 17:04 - 2015-10-20 22:15 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-07 15:34 - 2014-04-13 17:27 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Dropbox
2016-06-06 10:59 - 2014-04-13 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-03 15:37 - 2014-04-08 19:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Users\Mandy85\AppData\Local\PokerStars.EU
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-06-02 13:44 - 2015-11-22 15:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-28 15:18 - 2016-02-01 12:46 - 00000000 ____D C:\Users\Mandy85\AppData\Local\MicrosoftEdge
2016-05-19 11:56 - 2015-10-20 22:34 - 00002432 _____ C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-19 11:56 - 2015-10-20 22:34 - 00000000 ___RD C:\Users\Mandy85\OneDrive
2016-05-17 18:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\ProgramData\Cisco
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\Program Files (x86)\Cisco

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-06-13 13:02 - 2016-06-13 13:02 - 0025477 _____ () C:\ProgramData\1465815739.bdinstall.bin
2016-06-14 09:57 - 2016-06-14 09:57 - 0025477 _____ () C:\ProgramData\1465891031.bdinstall.bin
2014-07-10 11:52 - 2014-07-10 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-05 17:45 - 2013-10-05 17:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-21 10:57 - 2016-06-10 18:13 - 0002894 _____ () C:\ProgramData\hpzinstall.log
2015-08-15 11:51 - 2015-08-25 21:00 - 0000528 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 10:49

==================== Ende von FRST.txt ============================
         
Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von Mandy85 (2016-06-14 10:14:02)
Gestartet von C:\Users\Mandy85\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-13 10:24:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2819549147-2898331595-3477625086-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2819549147-2898331595-3477625086-503 - Limited - Disabled)
Gast (S-1-5-21-2819549147-2898331595-3477625086-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819549147-2898331595-3477625086-1005 - Limited - Enabled)
Mandy85 (S-1-5-21-2819549147-2898331595-3477625086-1001 - Administrator - Enabled) => C:\Users\Mandy85

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Spyware-Schutz (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
AdBlocker (HKLM-x32\...\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}) (Version: 4.1.1.0 - StarkIndustry) <==== ACHTUNG
AdBlocker (x32 Version: 4.1.1.0 - StarkIndustry) Hidden <==== ACHTUNG
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileOpen Client (x64) B928 (HKLM\...\{3ED9A79B-1419-4C5F-BA88-EFD6F180EBE5}) (Version: 3.0.95.928 - FileOpen Systems, Inc.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{aff566ab-c960-452f-9b59-77f0981ce4d7}) (Version: 2.3.1384.2669 - Lavasoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {009C2EAD-BCCE-428B-8764-FA0FE89C67DA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {28E478A1-BD8B-420D-B002-87FE4B04C11A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {330A7D6E-B7AC-4A57-93E6-709BF7402126} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {39F28A47-0D3E-4C86-90FD-D0EF768E8179} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3AF54698-227D-4EE5-8D87-91D9FD5C04C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {575145B1-F06C-44FF-9BAC-9C782313EEC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {6FF28BBC-80F5-420B-A3C0-B55A144BF03C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7738D642-2C81-4F34-9527-53B972F0554F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {931A48DE-860F-4B3E-8BB6-97F75A48AED3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {974AE9E6-D2CA-4431-9F86-B33D1A78F0CE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {B0C4191A-59B4-447B-8F04-69017BA89B2F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C00BE087-1242-4F15-9BCD-2FE67A927D22} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C4B6A259-F0AC-4A76-80FC-9278A25D8B3B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {DDA4AC88-DA03-44A2-9EB5-19F4B8253AEC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E7BE02EC-B677-4A4D-BBCD-6FF28000BBF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {E7C36DA6-BA32-4825-8E33-6127E1DF742D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F74F3580-506E-4AD3-A7D8-6389C27C5122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-10 15:02 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00959168 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-13 11:35 - 2016-03-13 11:35 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:21 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-30 20:39 - 2015-09-30 20:39 - 00415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-05-11 14:22 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:22 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-23 15:27 - 2015-12-23 15:27 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00679624 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2013-10-05 17:21 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandy85\Desktop\SystemLook_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Mandy85\Desktop\tdsskiller.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-06-14 10:11 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandy85\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\StartupApproved\Run: => "BrowserChoice"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE16DB55-3448-41B4-AEBB-6B0D5139FDFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10B8F0E-BC5F-4BBD-9984-DACACF091B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C82A3AA-44CF-4DB2-A42B-2F1A17F7D0CB}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{726538A5-3BCE-41FB-8E5C-F068CCDDF1CB}] => (Allow) LPort=5357
FirewallRules: [{3731ECD6-96F2-4875-8A29-A93E0777BA3D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{834FADE1-CBBE-4F12-ABD0-D24A4C978059}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{D0627080-2107-42E9-9D6F-A55DA805090A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E77F4DCB-DEED-480D-BC55-17A4A9589883}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C2714E79-59AF-4429-9A06-E70D9E4CFA78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F735367C-889F-4A83-917C-5AB8BB9C08B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{80F933EF-B441-42A8-BED9-370EBF11F053}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{FDEDE01A-0AD2-4F5E-8691-688D1D5F9774}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{A9247B39-67D4-4687-AEAE-59A9CB7DB090}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BF054137-D8BB-41B1-8131-892016F8311D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E38BB25F-F9E1-47CE-BA4E-0C5872373956}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7EAB9F98-68F5-4147-AA22-5EE8EEE010AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A6E78499-1F62-40A8-9692-59B9B1FE8832}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CA47D9D6-D151-41FB-8530-87C18646810E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AC72F3E7-DD52-4C40-8911-D920DE52448D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5F72E62-61BC-4A22-A352-35ECCDDF440D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{133DBA7E-71BF-4714-85D9-E76B17757309}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FFC6105F-3FDB-4041-89EE-A5D399A1FAE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{78BDA0A5-8379-4E3F-9DD8-4BB20F3E950A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{60ED60ED-A553-465F-907D-4BB761AE265C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FCBC375E-6537-428F-981A-E8EBF8D11242}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F684E320-6333-427A-A285-09D6FAB2D2C1}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F9C587CE-B4DD-45AA-9E15-36915C96F8D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CC6346B-C836-495B-B70D-C36652E0BF04}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ACBB40FA-0747-4562-9562-4546B7BC58B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5933716-2F7C-4D8C-A736-1BB175A9A2C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C145D6A-789F-4542-896C-1AE84640A05B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5D7C4460-1404-4AA0-BAAD-FF2CACEA4F14}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{605BB654-018F-4AF8-BD35-9CCBA2184B75}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29891796-F3C2-4651-9A1C-E5318EA7F5E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{560DD717-0809-4E71-881F-7973A916AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{147DD520-8B5B-4E0F-8139-04F38517F780}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{75833E1C-313A-4269-BF0E-F6C3A39EAEA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{32E4CE4F-1B82-42FB-8C10-BB9D269DE2E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{8CF1B0BD-91BA-458C-A66F-AFF7936A1236}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{AF748F03-5979-4B89-B0F8-1ECF60ADBBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2AC2B658-5E33-457F-A20C-58FFF42F31AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9793FCFC-1FC5-492C-973E-B2AA4086167F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B3A0E4D6-44A0-4934-A22A-D42119335FC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{A02F5DD8-503B-4E18-BEF8-AD7AAAE7C47D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B8FCC90B-5CAE-49F8-A5FE-354FD3481893}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A287AFF-AEAF-47FB-A2D2-8F2B56ECA7A8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{AA24E7A9-7EDE-46A8-A815-FAEE7AFFF659}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{47453C64-ED6A-40F3-BD3C-48834B70203F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{3B2FBB27-4092-4B9B-94E6-0B427F493B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{42FF2468-0E05-4A6C-9563-FAE7E6517E35}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BCCBFC24-F941-4A26-892A-1A0D9BB81465}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{814039D2-D9A5-46DD-AEC8-E28F63B94CD8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8E578593-A08D-4D6B-BB46-38C977439879}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AA7C6A4-925A-42D4-B203-5166ACF9BD63}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AD9751DC-1387-4474-B15E-1B944D565CB5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{50F41FC0-DD8A-45E6-9563-62F8E297C04B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{64465223-B060-4B3A-A4CC-2DD80071E511}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F2ECEB75-552B-42E5-8E41-1064C2DFC3CC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{202F81ED-B0F5-4B69-83C0-14BD04CC68CE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{59D9E35E-3977-42AC-A56E-2D01D1B78C7F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{26273E9A-A545-4382-95D9-7D34CD5B8EB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43155AB8-E284-43EA-83EE-5E461A5B576C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1AA8DED2-5885-490A-A493-F8FD7A079865}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{785E8305-1D7A-4094-A42D-5FBFD0638181}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A24D72F6-4ED7-4DA4-8973-1BC727B37D65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9060493-1071-4DF4-A653-7CAE0A456711}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1D6B457-BA76-44C8-9FC5-29D80E624DF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0CCC29B-00F7-439F-8FBC-579D84143473}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55F60B9F-33DC-4A9D-BF34-E561EAB9FC36}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

26-05-2016 12:21:15 Geplanter Prüfpunkt
02-06-2016 16:37:00 Geplanter Prüfpunkt
10-06-2016 12:02:30 AdBlocker
10-06-2016 19:40:09 JRT Pre-Junkware Removal
10-06-2016 19:44:41 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/14/2016 10:03:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 13.6.2016.0, Zeitstempel: 0x575efceb
Name des fehlerhaften Moduls: FRST64.exe, Version: 13.6.2016.0, Zeitstempel: 0x575efceb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000026519
ID des fehlerhaften Prozesses: 0x123c
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (06/11/2016 04:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000a9ba0
ID des fehlerhaften Prozesses: 0x1d5c
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (06/11/2016 04:08:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhostw.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d756
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000231f7
ID des fehlerhaften Prozesses: 0x1d60
Startzeit der fehlerhaften Anwendung: 0xtaskhostw.exe0
Pfad der fehlerhaften Anwendung: taskhostw.exe1
Pfad des fehlerhaften Moduls: taskhostw.exe2
Berichtskennung: taskhostw.exe3
Vollständiger Name des fehlerhaften Pakets: taskhostw.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: taskhostw.exe5

Error: (06/11/2016 10:57:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ApplicationFrameHost.exe, Version 10.0.10586.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1620

Startzeit: 01d1c3bd8d6265dd

Beendigungszeit: 9

Anwendungspfad: C:\Windows\System32\ApplicationFrameHost.exe

Berichts-ID: 8931b023-2fb2-11e6-bed9-089e01e6ef9a

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (06/11/2016 10:57:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Mandy)
Description: Das Paket „windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (06/10/2016 08:30:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xbc8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/10/2016 08:30:09 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (3016) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: 206(bf.cxx:22073): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/10/2016 07:44:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/10/2016 07:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 10.0.10586.11, Zeitstempel: 0x56457cb1
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x56fa0e13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000782c7
ID des fehlerhaften Prozesses: 0x1118
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5

Error: (06/10/2016 07:40:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (06/14/2016 10:14:13 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (06/14/2016 10:09:52 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (06/14/2016 10:09:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_31aa4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 10:09:44 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2016 10:09:29 AM) (Source: DCOM) (EventID: 10000) (User: Mandy)
Description: C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/14/2016 10:09:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/14/2016 10:09:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/14/2016 10:09:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/14/2016 10:09:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/14/2016 10:09:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-05-15 11:30:38.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 16:41:39.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-13 11:20:32.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 09:25:28.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 07:04:59.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 16:59:15.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 08:39:15.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 19:12:40.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-20 13:22:42.631
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-18 13:12:07.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 3976.27 MB
Verfügbarer physikalischer RAM: 2403.71 MB
Summe virtueller Speicher: 4680.27 MB
Verfügbarer virtueller Speicher: 3182.82 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:449.51 GB) (Free:376.43 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9C6396F5)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
I have just uploaded the zip file as well.

14.06.2016, 16:44   #10
M-K-D-B
/// TB Trainer

Redirect to an external site

Hello,

we will remove the last remnants and check everything once more.

Note: The scan with ESET can take a while.



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VideoFetcher
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService
DeleteKey: KEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\StarkIndustry
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\StarkIndustry
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0964FD3B82A837141BDCE75F4F3CB069
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3DF4690-8A28-4173-B1CD-7EF5F4C30B96}
Reboot:
end
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Step 3
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark from
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and press "Untersuchen" (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Are there still any problems with the PC now? If so, which ones?

Please post with your next reply
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from HitmanPro,
  • the two new log files from FRST,
  • the answers to the questions asked.
__________________
offline: 16.09. to 20.09.
____________________________________

Support Trojaner-Board

For everyone seeking help! What do I need to keep in mind before opening a thread?
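
A fixlist is executed line by line exactly as written, so a mistyped registry path only shows up afterwards in the Fixlog (there as "incorrect path"). The following pre-flight check is an added example, not part of the original post and not FRST code: it scans the `DeleteKey:` lines of a fixlist for an unknown root key or an overly broad path. `check_deletekey_lines`, `ROOT_KEYS` and `MIN_SUBKEY_DEPTH` are hypothetical names; accepting the short root forms and the minimum-depth policy are assumptions of this example.

```python
import difflib

# Standard Windows registry root keys. Accepting the short forms here is an
# assumption of this example, not a statement about what FRST itself accepts.
ROOT_KEYS = [
    "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
    "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG",
    "HKLM", "HKCU", "HKU", "HKCR", "HKCC",
]

# Hypothetical policy: refuse to delete anything as shallow as HKLM\SOFTWARE.
MIN_SUBKEY_DEPTH = 2

# The fixlist from the post above, reproduced verbatim.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VideoFetcher
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService
DeleteKey: KEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\StarkIndustry
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\StarkIndustry
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0964FD3B82A837141BDCE75F4F3CB069
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3DF4690-8A28-4173-B1CD-7EF5F4C30B96}
Reboot:
end"""


def check_deletekey_lines(fixlist_text):
    """Return (line_number, key_path, problem) for every suspicious DeleteKey line."""
    findings = []
    for number, raw in enumerate(fixlist_text.splitlines(), start=1):
        line = raw.strip()
        if not line.lower().startswith("deletekey:"):
            continue  # start, end, CloseProcesses:, Reboot: are not checked here
        path = line.split(":", 1)[1].strip()
        parts = [p for p in path.split("\\") if p]
        if not parts:
            findings.append((number, path, "empty key path"))
            continue
        root, subkeys = parts[0], parts[1:]
        if root.upper() not in ROOT_KEYS:
            # Suggest the closest known root so the typo is obvious to the reviewer.
            guess = difflib.get_close_matches(root.upper(), ROOT_KEYS, n=1, cutoff=0.6)
            hint = f" (did you mean {guess[0]}?)" if guess else ""
            findings.append((number, path, f"unknown root key {root!r}{hint}"))
        elif len(subkeys) < MIN_SUBKEY_DEPTH:
            findings.append((number, path, "key path too broad"))
    return findings


if __name__ == "__main__":
    for number, path, problem in check_deletekey_lines(SAMPLE_FIXLIST):
        print(f"line {number}: {problem}\n    {path}")
```
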

15.06.2016, 12:45   #11
MauD85

Redirect to an external site



Fixlog:

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von Mandy85 (2016-06-15 11:17:01) Run:6
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VideoFetcher
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService
DeleteKey: KEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\StarkIndustry
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\StarkIndustry
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0964FD3B82A837141BDCE75F4F3CB069
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3DF4690-8A28-4173-B1CD-7EF5F4C30B96}
Reboot:
end
*****************

Prozess erfolgreich geschlossen.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VideoFetcher => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService => Schlüssel nicht gefunden. 
KEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => konnte nicht entfernt werdenSchlüssel.: incorrect path. 
HKEY_CURRENT_USER\SOFTWARE\StarkIndustry => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_CURRENT_USER\SOFTWARE\StarkIndustry => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\StarkIndustry => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\StarkIndustry => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0964FD3B82A837141BDCE75F4F3CB069 => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0964FD3B82A837141BDCE75F4F3CB069 => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ad3263c-cc1b-432e-bf08-9059586c7d7a} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3DF4690-8A28-4173-B1CD-7EF5F4C30B96} => Schlüssel erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 11:17:04 ====
         
ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0261e6fe09025f43b69860887d1ed446
# end=init
# utc_time=2016-06-15 09:21:46
# local_time=2016-06-15 11:21:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29802
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0261e6fe09025f43b69860887d1ed446
# end=updated
# utc_time=2016-06-15 09:26:17
# local_time=2016-06-15 11:26:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0261e6fe09025f43b69860887d1ed446
# engine=29802
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-15 11:16:03
# local_time=2016-06-15 01:16:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2071 16777213 100 99 7049 163302028 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 435767 19803506 0 0
# scanned=236631
# found=0
# cleaned=0
# scan_time=6586
         
HitmanPro:

Code:
ATTFilter
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : MANDY
   Windows . . . . . . . : 10.0.0.10586.X64/2
   User name . . . . . . : Mandy\Mandy85
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (25 days left)

   Scan date . . . . . . : 2016-06-15 13:22:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 1.826.664
   Files scanned . . . . : 48.170
   Remnants scanned  . . : 450.022 files / 1.328.472 keys

Suspicious files ____________________________________________________________

   C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\09RCJ62R\FRST64[2].exe
      Size . . . . . . . : 2.385.920 bytes
      Age  . . . . . . . : 1.1 days (2016-06-14 09:56:38)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2C7000FE2E1515B814DD4F212102FA4F93529D770EE0BAF529B90EEF6D0E8C99
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.5s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\SWETI8IP\82[1].htm
         -0.5s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCookies\H13MKUZ2.txt
         -0.2s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\09RCJ62R\FRST64[1].exe
          0.0s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\09RCJ62R\FRST64[2].exe
          0.0s C:\Users\Mandy85\Desktop\FRST64.exe
          5.0s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\4BI1JRYH\up64[1]

   C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\HAZUR59B\FRST64[1].exe
      Size . . . . . . . : 2.385.408 bytes
      Age  . . . . . . . : 2.0 days (2016-06-13 12:47:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8A9CEF7FD8019023414AB3462A909AAD1CDCD7CB038730D835910020732B004E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.5s C:\Users\Mandy85\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.5s C:\Users\Mandy85\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.2s C:\Users\Mandy85\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.2s C:\Users\Mandy85\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.1s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\4BI1JRYH\FRST64[1].exe
          0.0s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\HAZUR59B\FRST64[1].exe
          1.8s C:\Users\Mandy85\Desktop\FRST-OlderVersion\

   C:\Users\Mandy85\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.385.408 bytes
      Age  . . . . . . . : 3.9 days (2016-06-11 15:59:27)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8A9CEF7FD8019023414AB3462A909AAD1CDCD7CB038730D835910020732B004E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Mandy85\Desktop\FRST64.exe
      Size . . . . . . . : 2.385.920 bytes
      Age  . . . . . . . : 1.1 days (2016-06-14 09:56:38)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2C7000FE2E1515B814DD4F212102FA4F93529D770EE0BAF529B90EEF6D0E8C99
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.5s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\SWETI8IP\82[1].htm
         -0.5s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCookies\H13MKUZ2.txt
         -0.2s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\09RCJ62R\FRST64[1].exe
          0.0s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\09RCJ62R\FRST64[2].exe
          0.0s C:\Users\Mandy85\Desktop\FRST64.exe
          5.0s C:\Users\Mandy85\AppData\Local\Microsoft\Windows\INetCache\IE\4BI1JRYH\up64[1]
         
FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
durchgeführt von Mandy85 (Administrator) auf MANDY (15-06-2016 13:35:27)
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [Dropbox Update] => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-07] (Dropbox, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\MountPoints2: {7dbe2de1-c2f3-11e3-be7c-089e01e6ef9a} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd1ff5b1-c692-4e4d-aee3-93493828d56c}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.gwdg.de/CACHE/stc/6/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Ad-Aware Ad Block - C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2016-06-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-23] (Digital Wave Ltd.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-10] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-15 13:35 - 2016-06-15 13:36 - 00018023 _____ C:\Users\Mandy85\Desktop\FRST.txt
2016-06-15 13:21 - 2016-06-15 13:22 - 11438608 _____ (SurfRight B.V.) C:\Users\Mandy85\Desktop\HitmanPro_x64.exe
2016-06-15 11:20 - 2016-06-15 11:21 - 02870984 _____ (ESET) C:\Users\Mandy85\Desktop\esetsmartinstaller_deu.exe
2016-06-15 11:17 - 2016-06-15 11:17 - 00003292 _____ C:\Users\Mandy85\Desktop\Fixlog.txt
2016-06-15 11:13 - 2016-06-15 11:13 - 00026786 _____ C:\ProgramData\1465982021.bdinstall.bin
2016-06-14 16:12 - 2016-06-14 16:12 - 00025981 _____ C:\ProgramData\1465913518.bdinstall.bin
2016-06-14 16:11 - 2016-06-14 16:11 - 00025980 _____ C:\ProgramData\1465913495.bdinstall.bin
2016-06-14 09:57 - 2016-06-14 09:57 - 00025477 _____ C:\ProgramData\1465891031.bdinstall.bin
2016-06-13 13:02 - 2016-06-13 13:02 - 00025477 _____ C:\ProgramData\1465815739.bdinstall.bin
2016-06-13 12:48 - 2016-06-13 12:48 - 00165376 _____ C:\Users\Mandy85\Desktop\SystemLook_x64.exe
2016-06-13 12:47 - 2016-06-14 09:56 - 00000000 ____D C:\Users\Mandy85\Desktop\FRST-OlderVersion
2016-06-11 16:06 - 2016-06-11 16:11 - 00263128 _____ C:\TDSSKiller.3.1.0.9_11.06.2016_16.06.45_log.txt
2016-06-11 16:05 - 2016-06-11 16:06 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Mandy85\Desktop\tdsskiller.exe
2016-06-11 15:59 - 2016-06-15 13:35 - 00000000 ____D C:\FRST
2016-06-11 15:59 - 2016-06-14 09:56 - 02385920 _____ (Farbar) C:\Users\Mandy85\Desktop\FRST64.exe
2016-06-10 17:09 - 2016-06-10 19:07 - 00000000 ____D C:\Program Files\Reason
2016-06-10 15:28 - 2016-06-10 15:28 - 00000578 _____ C:\WINDOWS\system32\.crusader
2016-06-10 15:22 - 2016-06-10 15:22 - 00000385 _____ C:\Users\Mandy85\AppData\Roaminguser_gensett.xml
2016-06-10 15:17 - 2016-06-15 11:17 - 00007071 _____ C:\bdlog.txt
2016-06-10 15:16 - 2016-06-10 15:16 - 00000000 ____D C:\Users\Mandy85\AppData\Temp
2016-06-10 15:06 - 2016-06-10 15:06 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-10 15:04 - 2016-06-10 15:04 - 00002278 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-10 15:04 - 2016-06-10 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-10 15:03 - 2016-06-13 13:02 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-10 15:03 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-06-10 15:03 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-10 15:02 - 2016-06-10 15:11 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Bitdefender
2016-06-10 15:02 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-10 15:02 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-10 15:02 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-06-10 15:02 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-06-10 14:57 - 2016-06-10 15:12 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\QuickScan
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-10 14:57 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-10 14:57 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-10 14:26 - 2016-06-10 20:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-10 14:25 - 2016-06-10 15:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-10 13:06 - 2016-06-10 20:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-10 13:05 - 2016-06-10 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-10 12:48 - 2016-06-10 12:57 - 00000000 ____D C:\AdwCleaner
2016-06-10 12:43 - 2016-06-10 12:43 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-06-10 12:36 - 2016-06-10 12:36 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-10 12:34 - 2016-06-15 12:49 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-10 12:34 - 2016-06-10 12:34 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-10 12:13 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-10 12:05 - 2016-06-10 12:05 - 00000000 ____D C:\OETemp
2016-06-10 12:03 - 2016-06-10 12:21 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-06-10 12:02 - 2016-06-10 12:02 - 00001542 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firefoх.lnk
2016-06-10 10:47 - 2016-06-10 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-07 15:34 - 2016-06-07 15:34 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-06 13:52 - 2016-06-06 13:52 - 01661549 _____ C:\Users\Mandy85\Desktop\BKK Bonusprogramm Hrube.pdf
2016-06-06 11:00 - 2016-06-06 11:00 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 11:00 - 2016-06-06 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 10:59 - 2016-06-06 11:00 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files\iPod
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-29 10:49 - 2016-05-29 11:03 - 00000000 ____D C:\Users\Mandy85\Desktop\Bewerbung
2016-05-28 15:32 - 2016-05-28 15:32 - 00000000 ____D C:\$SysReset
2016-05-17 10:33 - 2016-05-17 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-15 13:36 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Deployment
2016-06-15 13:31 - 2016-05-07 11:26 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job
2016-06-15 12:47 - 2014-04-13 00:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-15 11:57 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-15 11:31 - 2016-05-07 11:26 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job
2016-06-15 11:22 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-15 11:22 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-15 11:21 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-15 11:18 - 2016-03-13 11:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-15 11:18 - 2014-08-29 13:23 - 00000000 __SHD C:\Users\Mandy85\IntelGraphicsProfiles
2016-06-15 11:17 - 2016-03-13 12:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-15 11:17 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-15 11:15 - 2014-08-31 14:59 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E328451F-3FA5-4D5A-A3C6-266B1F172D19}
2016-06-14 11:06 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Packages
2016-06-14 10:04 - 2014-04-16 21:37 - 00000000 ____D C:\Users\Mandy85\AppData\LocalLow\Temp
2016-06-13 16:21 - 2012-03-11 20:27 - 00000000 ___RD C:\Users\Mandy85\Desktop\Diverses
2016-06-13 16:19 - 2014-04-08 19:16 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Skype
2016-06-13 15:56 - 2014-06-29 16:40 - 00000000 ____D C:\Users\Mandy85\Desktop\Musik
2016-06-13 15:52 - 2016-05-02 10:07 - 00000575 _____ C:\Users\Mandy85\Desktop\to do allgemein.txt
2016-06-13 15:44 - 2016-03-28 10:29 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\DVDVideoSoft
2016-06-11 10:57 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-10 20:17 - 2014-04-10 17:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-10 20:13 - 2012-07-26 07:26 - 00000234 _____ C:\WINDOWS\win.ini
2016-06-10 19:27 - 2015-08-30 11:39 - 00000000 ____D C:\ProgramData\PDF Architect 3
2016-06-10 19:26 - 2015-12-27 13:40 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-06-10 18:10 - 2014-04-08 19:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-10 16:47 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\VirtualStore
2016-06-10 16:19 - 2014-08-08 10:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-10 15:56 - 2014-05-21 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-10 15:56 - 2014-05-21 10:58 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-10 13:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Lavasoft
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-06-10 12:57 - 2015-08-30 11:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-10 12:23 - 2014-04-08 19:16 - 00000000 ____D C:\ProgramData\Avira
2016-06-10 12:08 - 2014-04-08 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-10 12:07 - 2014-04-08 19:20 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Avira
2016-06-10 11:52 - 2014-04-10 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 17:04 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-09 17:04 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-09 17:04 - 2015-10-20 22:15 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-07 15:34 - 2014-04-13 17:27 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Dropbox
2016-06-06 10:59 - 2014-04-13 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-03 15:37 - 2014-04-08 19:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Users\Mandy85\AppData\Local\PokerStars.EU
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-06-02 13:44 - 2015-11-22 15:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-28 15:18 - 2016-02-01 12:46 - 00000000 ____D C:\Users\Mandy85\AppData\Local\MicrosoftEdge
2016-05-19 11:56 - 2015-10-20 22:34 - 00002432 _____ C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-19 11:56 - 2015-10-20 22:34 - 00000000 ___RD C:\Users\Mandy85\OneDrive
2016-05-17 18:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\ProgramData\Cisco
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\Program Files (x86)\Cisco

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-06-13 13:02 - 2016-06-13 13:02 - 0025477 _____ () C:\ProgramData\1465815739.bdinstall.bin
2016-06-14 09:57 - 2016-06-14 09:57 - 0025477 _____ () C:\ProgramData\1465891031.bdinstall.bin
2016-06-14 16:11 - 2016-06-14 16:11 - 0025980 _____ () C:\ProgramData\1465913495.bdinstall.bin
2016-06-14 16:12 - 2016-06-14 16:12 - 0025981 _____ () C:\ProgramData\1465913518.bdinstall.bin
2016-06-15 11:13 - 2016-06-15 11:13 - 0026786 _____ () C:\ProgramData\1465982021.bdinstall.bin
2014-07-10 11:52 - 2014-07-10 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-05 17:45 - 2013-10-05 17:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-21 10:57 - 2016-06-10 18:13 - 0002894 _____ () C:\ProgramData\hpzinstall.log
2015-08-15 11:51 - 2015-08-25 21:00 - 0000528 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-06 10:49

==================== Ende von FRST.txt ============================
         
Addition:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von Mandy85 (2016-06-15 13:37:04)
Gestartet von C:\Users\Mandy85\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-13 10:24:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2819549147-2898331595-3477625086-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2819549147-2898331595-3477625086-503 - Limited - Disabled)
Gast (S-1-5-21-2819549147-2898331595-3477625086-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819549147-2898331595-3477625086-1005 - Limited - Enabled)
Mandy85 (S-1-5-21-2819549147-2898331595-3477625086-1001 - Administrator - Enabled) => C:\Users\Mandy85

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Spyware-Schutz (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileOpen Client (x64) B928 (HKLM\...\{3ED9A79B-1419-4C5F-BA88-EFD6F180EBE5}) (Version: 3.0.95.928 - FileOpen Systems, Inc.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {009C2EAD-BCCE-428B-8764-FA0FE89C67DA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {28E478A1-BD8B-420D-B002-87FE4B04C11A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {330A7D6E-B7AC-4A57-93E6-709BF7402126} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {39F28A47-0D3E-4C86-90FD-D0EF768E8179} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3AF54698-227D-4EE5-8D87-91D9FD5C04C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {575145B1-F06C-44FF-9BAC-9C782313EEC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {6FF28BBC-80F5-420B-A3C0-B55A144BF03C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7738D642-2C81-4F34-9527-53B972F0554F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {931A48DE-860F-4B3E-8BB6-97F75A48AED3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {974AE9E6-D2CA-4431-9F86-B33D1A78F0CE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {B0C4191A-59B4-447B-8F04-69017BA89B2F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C00BE087-1242-4F15-9BCD-2FE67A927D22} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C4B6A259-F0AC-4A76-80FC-9278A25D8B3B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {DDA4AC88-DA03-44A2-9EB5-19F4B8253AEC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E7BE02EC-B677-4A4D-BBCD-6FF28000BBF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {E7C36DA6-BA32-4825-8E33-6127E1DF742D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F74F3580-506E-4AD3-A7D8-6389C27C5122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-10 15:02 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-06-10 15:02 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00959168 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-10-05 18:03 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-03-13 11:35 - 2016-03-13 11:35 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:21 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-30 20:39 - 2015-09-30 20:39 - 00415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-05-11 14:22 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:22 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-13 16:10 - 2015-10-13 16:10 - 01428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-12-23 15:27 - 2015-12-23 15:27 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2014-10-25 13:23 - 2016-03-23 14:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00679624 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2013-10-05 17:21 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandy85\Desktop\esetsmartinstaller_deu.exe:BDU [0]
AlternateDataStreams: C:\Users\Mandy85\Desktop\HitmanPro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Mandy85\Desktop\SystemLook_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Mandy85\Desktop\tdsskiller.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-06-15 13:18 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandy85\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\StartupApproved\Run: => "BrowserChoice"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE16DB55-3448-41B4-AEBB-6B0D5139FDFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10B8F0E-BC5F-4BBD-9984-DACACF091B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C82A3AA-44CF-4DB2-A42B-2F1A17F7D0CB}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{726538A5-3BCE-41FB-8E5C-F068CCDDF1CB}] => (Allow) LPort=5357
FirewallRules: [{3731ECD6-96F2-4875-8A29-A93E0777BA3D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{834FADE1-CBBE-4F12-ABD0-D24A4C978059}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{D0627080-2107-42E9-9D6F-A55DA805090A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E77F4DCB-DEED-480D-BC55-17A4A9589883}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C2714E79-59AF-4429-9A06-E70D9E4CFA78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F735367C-889F-4A83-917C-5AB8BB9C08B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{80F933EF-B441-42A8-BED9-370EBF11F053}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{FDEDE01A-0AD2-4F5E-8691-688D1D5F9774}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{A9247B39-67D4-4687-AEAE-59A9CB7DB090}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BF054137-D8BB-41B1-8131-892016F8311D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E38BB25F-F9E1-47CE-BA4E-0C5872373956}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7EAB9F98-68F5-4147-AA22-5EE8EEE010AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A6E78499-1F62-40A8-9692-59B9B1FE8832}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CA47D9D6-D151-41FB-8530-87C18646810E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AC72F3E7-DD52-4C40-8911-D920DE52448D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5F72E62-61BC-4A22-A352-35ECCDDF440D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{133DBA7E-71BF-4714-85D9-E76B17757309}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FFC6105F-3FDB-4041-89EE-A5D399A1FAE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{78BDA0A5-8379-4E3F-9DD8-4BB20F3E950A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{60ED60ED-A553-465F-907D-4BB761AE265C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FCBC375E-6537-428F-981A-E8EBF8D11242}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F684E320-6333-427A-A285-09D6FAB2D2C1}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F9C587CE-B4DD-45AA-9E15-36915C96F8D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CC6346B-C836-495B-B70D-C36652E0BF04}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ACBB40FA-0747-4562-9562-4546B7BC58B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5933716-2F7C-4D8C-A736-1BB175A9A2C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C145D6A-789F-4542-896C-1AE84640A05B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5D7C4460-1404-4AA0-BAAD-FF2CACEA4F14}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{605BB654-018F-4AF8-BD35-9CCBA2184B75}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29891796-F3C2-4651-9A1C-E5318EA7F5E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{560DD717-0809-4E71-881F-7973A916AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{147DD520-8B5B-4E0F-8139-04F38517F780}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{75833E1C-313A-4269-BF0E-F6C3A39EAEA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{32E4CE4F-1B82-42FB-8C10-BB9D269DE2E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{8CF1B0BD-91BA-458C-A66F-AFF7936A1236}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{AF748F03-5979-4B89-B0F8-1ECF60ADBBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2AC2B658-5E33-457F-A20C-58FFF42F31AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9793FCFC-1FC5-492C-973E-B2AA4086167F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B3A0E4D6-44A0-4934-A22A-D42119335FC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{A02F5DD8-503B-4E18-BEF8-AD7AAAE7C47D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B8FCC90B-5CAE-49F8-A5FE-354FD3481893}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A287AFF-AEAF-47FB-A2D2-8F2B56ECA7A8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{AA24E7A9-7EDE-46A8-A815-FAEE7AFFF659}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{47453C64-ED6A-40F3-BD3C-48834B70203F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{3B2FBB27-4092-4B9B-94E6-0B427F493B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{42FF2468-0E05-4A6C-9563-FAE7E6517E35}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BCCBFC24-F941-4A26-892A-1A0D9BB81465}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{814039D2-D9A5-46DD-AEC8-E28F63B94CD8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8E578593-A08D-4D6B-BB46-38C977439879}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AA7C6A4-925A-42D4-B203-5166ACF9BD63}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AD9751DC-1387-4474-B15E-1B944D565CB5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{50F41FC0-DD8A-45E6-9563-62F8E297C04B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{64465223-B060-4B3A-A4CC-2DD80071E511}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F2ECEB75-552B-42E5-8E41-1064C2DFC3CC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{202F81ED-B0F5-4B69-83C0-14BD04CC68CE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{59D9E35E-3977-42AC-A56E-2D01D1B78C7F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{26273E9A-A545-4382-95D9-7D34CD5B8EB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43155AB8-E284-43EA-83EE-5E461A5B576C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1AA8DED2-5885-490A-A493-F8FD7A079865}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{785E8305-1D7A-4094-A42D-5FBFD0638181}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A24D72F6-4ED7-4DA4-8973-1BC727B37D65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9060493-1071-4DF4-A653-7CAE0A456711}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1D6B457-BA76-44C8-9FC5-29D80E624DF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0CCC29B-00F7-439F-8FBC-579D84143473}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55F60B9F-33DC-4A9D-BF34-E561EAB9FC36}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

26-05-2016 12:21:15 Geplanter Prüfpunkt
02-06-2016 16:37:00 Geplanter Prüfpunkt
10-06-2016 12:02:30 AdBlocker
10-06-2016 19:40:09 JRT Pre-Junkware Removal
10-06-2016 19:44:41 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/15/2016 01:32:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 01:18:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 01:17:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 11:22:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 11:21:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 11:21:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 11:21:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 11:21:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 11:21:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 11:21:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


Systemfehler:
=============
Error: (06/15/2016 12:49:30 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (06/15/2016 12:47:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/15/2016 12:17:52 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (06/15/2016 12:16:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/15/2016 11:26:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.


Error: (06/15/2016 11:26:06 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Mandy85\AppData\Local\Temp\ehdrv.sys

Error: (06/15/2016 11:26:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.


Error: (06/15/2016 11:26:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Mandy85\AppData\Local\Temp\ehdrv.sys

Error: (06/15/2016 11:26:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.


Error: (06/15/2016 11:26:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Mandy85\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2016-05-15 11:30:38.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 16:41:39.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-13 11:20:32.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 09:25:28.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 07:04:59.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 16:59:15.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 08:39:15.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 19:12:40.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-20 13:22:42.631
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-18 13:12:07.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3976.27 MB
Verfügbarer physikalischer RAM: 1721.89 MB
Summe virtueller Speicher: 4680.27 MB
Verfügbarer virtueller Speicher: 2279.68 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:449.51 GB) (Free:374.73 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9C6396F5)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Regarding your questions: apart from FRST showing the message "failed to update" when I opened it, nothing unusual has happened on the laptop in the past 24 hours. There have been no more redirects to other sites so far either, though I have hardly used it in the last 24 hours because I wanted to get the "problem" solved first.

Can you perhaps tell me what caused it, or roughly what it was (something annoying, or something really harmful)?!

Also: do you have a recommendation for a good antivirus program (my Bitdefender trial license expires soon; I would consider buying the full version if need be, unless you have advice on what else (free of charge) would be sufficient)?

15.06.2016, 16:51   #12
M-K-D-B
/// TB-Ausbilder

Hello,

There was only some adware on your computer, and we have removed it.
Nothing dangerous, just annoying.

Recommendations for AV programs are below.

Either something free (Windows Defender = Microsoft Security Essentials) or something paid (ESET or Emsisoft).

If you have no more problems with malware, we are done here. Your log files are clean.
Finally, we need to take a few closing steps to clean up and secure your PC.





Cleanup:
Have you posted all logs? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Then restart your computer. If any programs from our cleanup are still left, you can safely delete them.





Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at its latest version:
  • Browser
  • Java
  • Flash Player
  • PDF reader

Vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.




If you are still undecided, use just one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

Microsoft Security Essentials (MSE) is built in from Windows 8 onward, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it must be installed manually or obtained through Windows Update as an optional update. A legal/activated Windows is of course a prerequisite for this.

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.




Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, use a whitelist to specify on which sites scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.




Finally, a few general remarks:
  • Change your important online passwords regularly and regularly create backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is often distributed with a so-called "installer" that only gets you unwanted software or adware installed.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.




If you like, you can say here whether you were satisfied with me and my help ... and/or support the forum with a small donation.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
offline: 16.09. to 20.09.
____________________________________

Support the Trojaner-Board

For everyone seeking help! What do I need to consider before opening a thread?

16.06.2016, 18:16   #13
MauD85

I'll look at your last message at my leisure on Monday and then give you feedback. Unfortunately I'm busy with a move until Sunday evening and won't manage it before then ... just wanted to let you know briefly. :-)

17.06.2016, 16:40   #14
M-K-D-B
/// TB-Ausbilder

See you Monday, then.

20.06.2016, 15:41   #15
MauD85

Here is the promised feedback: everything is done, there are no more questions, and I have just posted my feedback as well.

A thousand thanks!
