UCBrowser hinterläßt Souren - System läßt sich nicht ganz säubern

emus77 · 18.01.2017, 08:03

Hab mir was eingefangen: UCBrowser!
Habe manuell schon Einiges gemacht und auch Tools benutzt: ADWCleaner, Malwarebytes Anti-Malware und Spybot Search and Destroy.
Dennoch bleiben Reste, die ich nicht wegbekomme - auch habe ich den Eindruck, dass da immer noch was im Hintergrund in meinem System vor sich geht...
Wie auch immer - hier meine ersten Logfiles:
FRST

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
durchgeführt von Klaus (Administrator) auf KLAUS-PC (18-01-2017 07:08:18)
Gestartet von C:\Users\Klaus\Downloads
Geladene Profile: Klaus (Verfügbare Profile: Klaus & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Telegram Messenger LLP) C:\Users\Klaus\AppData\Roaming\Telegram Desktop\Telegram.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AppWork GmbH) C:\Users\Klaus\AppData\Local\JDownloader v2.0\JDownloader2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [384064 2014-03-19] (Acronis)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650496 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863488 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\...\Policies\Explorer: [DisableThumbsDBOnNetworkFolders] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4526424 2015-08-06] (Disc Soft Ltd)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [WAZPWNA0WB] => "C:\Program Files\JVQNZCTGG9\JVQNZCTGG.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [E21ZCY697U] => "C:\Program Files\Z2VMR9RVMX\Z2VMR9RVM.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {4d4af7b6-d30d-11e6-9acd-002522d4b04c} - "G:\setup.exe" /autorun
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {fbd5b57f-5a35-11e6-99d3-002522d4b04c} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Keine Datei
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-10-03]
ShortcutTarget: Telegram.lnk -> C:\Users\Klaus\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5ecc38dd-75fd-462e-a8e4-3278545d01d7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5ecc38dd-75fd-462e-a8e4-3278545d01d7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{aa7eb822-2bd5-4f14-b88e-d82ac5d3879e}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cb5b2749-4c70-4856-bbb0-f845a0b654d6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cb5b2749-4c70-4856-bbb0-f845a0b654d6}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{f2d32520-817d-11e6-9f04-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f51c0850-4337-4774-8242-936afa8a7d12}: [NameServer] 8.8.8.8
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-20] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-20] (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  Keine Datei
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3767151760-3652987525-2816545776-1001 -> hxxp://go.gmx.net/tb/ie_startpage

FireFox:
========
FF DefaultProfile: 9mp86hi8.default
FF ProfilePath: C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\9mp86hi8.default [2017-01-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF Homepage: Mozilla\Firefox\Profiles\9mp86hi8.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-25] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxp://google.de/"
CHR Profile: C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-17] <==== ACHTUNG
CHR Profile: C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-18]
CHR Extension: (Google Präsentationen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-16]
CHR Extension: (Google Docs) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-16]
CHR Extension: (Google Drive) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-16]
CHR Extension: (YouTube) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-16]
CHR Extension: (Google Tabellen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-16]
CHR Extension: (Google Mail) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-16]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-19] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [99712 2015-12-04] (Alcohol Soft Development Team)
S4 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2305816 2016-04-13] (Broadcom Corporation.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-28] (Digital Wave Ltd.)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1345880 2015-08-06] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-02-19] ()
S4 ProtexisLicensing; C:\WINDOWS\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Datei ist nicht signiert]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2016-12-11] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2016-04-13] (Broadcom Corporation.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-02] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-02] (Disc Soft Ltd)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2016-02-01] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2016-02-01] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [Datei ist nicht signiert]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Datei ist nicht signiert]
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-30] (REALiX(tm))
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S4 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-25] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-30] (Realsil Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-16] () [Datei ist nicht signiert]
S3 smhwser; C:\WINDOWS\system32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [196152 2016-12-15] (Duplex Secure Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-03] ()
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ACHTUNG
S3 VUSB3HUB; C:\WINDOWS\System32\drivers\ViaHub3.sys [227840 2013-12-11] (VIA Technologies, Inc.) [Datei ist nicht signiert]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhcdrv; C:\WINDOWS\System32\drivers\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-18 07:08 - 2017-01-18 07:08 - 00020068 _____ C:\Users\Klaus\Downloads\FRST.txt
2017-01-17 13:04 - 2017-01-17 23:54 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Bioshock
2017-01-17 13:04 - 2017-01-17 13:12 - 00000000 ____D C:\Users\Klaus\Documents\Bioshock
2017-01-17 12:55 - 2017-01-17 12:55 - 00001451 _____ C:\Users\Public\Desktop\BioShock.lnk
2017-01-17 12:55 - 2017-01-17 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock
2017-01-17 12:49 - 2017-01-17 12:55 - 00000000 ____D C:\Program Files (x86)\BioShock
2017-01-17 12:43 - 2017-01-17 12:43 - 00000028 _____ C:\WINDOWS\OutLog.txt
2017-01-17 12:43 - 2017-01-17 12:43 - 00000000 _____ C:\WINDOWS\BcdLog.txt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000161 _____ C:\WINDOWS\system32\autopart.opt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000000 ____D C:\WINDOWS\Acronis
2017-01-17 12:39 - 2014-03-19 22:40 - 15031616 _____ (Acronis) C:\WINDOWS\system32\autopart.exe
2017-01-17 08:52 - 2017-01-17 08:52 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-17 08:51 - 2017-01-17 08:51 - 02870984 _____ (ESET) C:\Users\Klaus\Downloads\esetsmartinstaller_deu.exe
2017-01-17 08:46 - 2017-01-17 08:48 - 00082514 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.46.48_log.txt
2017-01-17 08:45 - 2017-01-17 12:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-17 08:45 - 2017-01-17 08:45 - 00084538 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.45.05_log.txt
2017-01-17 08:44 - 2017-01-17 08:45 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Klaus\Downloads\tdsskiller.exe
2017-01-17 08:34 - 2017-01-17 08:34 - 00590056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-17 07:40 - 2017-01-18 07:08 - 00000000 ____D C:\FRST
2017-01-17 07:40 - 2017-01-17 07:40 - 02419200 _____ (Farbar) C:\Users\Klaus\Downloads\FRST64.exe
2017-01-17 07:36 - 2017-01-17 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2017-01-17 07:36 - 2017-01-17 07:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-01-17 07:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-17 07:35 - 2017-01-17 07:35 - 00000008 __RSH C:\Users\Klaus\ntuser.pol
2017-01-17 06:26 - 2017-01-17 06:26 - 22851472 _____ (Malwarebytes ) C:\Users\Klaus\Downloads\mbam-setup-2.2.1.1043.exe
2017-01-17 00:05 - 2017-01-17 12:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 00:05 - 2017-01-17 00:05 - 03988944 _____ C:\Users\Klaus\Downloads\adwcleaner_6.042.exe
2017-01-17 00:04 - 2017-01-17 00:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-16 23:44 - 2017-01-16 23:44 - 00000000 ____D C:\Users\Klaus\Downloads\Windows-Defender-Aktivieren-in-Windows-10.reg_
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOShared
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOPrivate
2017-01-16 23:34 - 2017-01-16 23:42 - 00000000 ____D C:\ProgramData\ProductData
2017-01-16 23:06 - 2017-01-16 23:06 - 00003272 _____ C:\WINDOWS\System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240}
2017-01-16 23:04 - 2017-01-16 23:04 - 00000000 ____D C:\Users\Klaus\AppData\Local\AdvinstAnalytics
2017-01-16 22:56 - 2017-01-16 23:39 - 00000474 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-01-16 22:56 - 2017-01-16 22:56 - 00003492 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-01-16 22:56 - 2017-01-16 22:56 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-01-16 22:56 - 2017-01-16 22:56 - 00000000 ____D C:\Users\Klaus\AppData\Local\UCBrowser
2017-01-16 22:55 - 2017-01-17 00:12 - 00000000 ____D C:\Program Files (x86)\Phikaty Nodifier
2017-01-16 22:55 - 2017-01-16 23:28 - 00000000 ____D C:\Program Files\xxx
2017-01-16 22:55 - 2017-01-16 23:17 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-16 22:55 - 2017-01-16 23:05 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avira
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avg
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-16 22:54 - 2017-01-17 08:46 - 00000000 ____D C:\Program Files\JVQNZCTGG9
2017-01-16 22:54 - 2017-01-17 00:12 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Clorertyckidering
2017-01-16 22:54 - 2017-01-16 22:55 - 00000000 ____D C:\Users\Klaus\AppData\Local\Reitssetsh
2017-01-16 22:54 - 2017-01-16 22:54 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\Documents\BioshockHD
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\BioshockHD
2017-01-14 18:25 - 2017-01-14 18:25 - 00000000 ____D C:\ProgramData\Acronis
2017-01-14 18:24 - 2017-01-14 18:24 - 00276256 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00118560 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-01-14 18:24 - 2017-01-14 18:24 - 00000000 ____D C:\Program Files (x86)\Acronis
2017-01-14 18:14 - 2017-01-14 18:14 - 03901144 _____ (AVM GmbH) C:\Users\Klaus\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906.exe
2017-01-14 12:54 - 2017-01-14 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.0
2017-01-14 12:54 - 2014-04-04 00:42 - 03382440 _____ C:\WINDOWS\system32\BootMan.exe
2017-01-14 12:54 - 2014-04-04 00:25 - 02499752 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00100936 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00087112 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00019840 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00017480 _____ C:\WINDOWS\system32\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00016256 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00014920 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009800 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009160 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2017-01-12 19:28 - 2017-01-12 19:28 - 02834619 _____ C:\WINDOWS\32e353b0a289955e4d2d0dbcc5632256.exe
2017-01-11 21:44 - 2017-01-11 21:45 - 00001996 _____ C:\Users\Klaus\Desktop\Neues Textdokument.txt
2017-01-11 21:40 - 2017-01-11 21:40 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-11 17:29 - 2017-01-16 22:54 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:29 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:29 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:29 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:29 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:29 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:29 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:29 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:29 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:29 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:29 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:29 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:29 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:29 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:29 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:29 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:29 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:29 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:29 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:29 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:29 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:29 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:29 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:29 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:29 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:29 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:29 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:29 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:29 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:29 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:29 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:29 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:29 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 17:28 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:28 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:28 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-11 17:28 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:28 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:28 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:28 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:28 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:28 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:28 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:28 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:28 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:28 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:28 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:28 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:28 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:28 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:28 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:28 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:28 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:28 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:28 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:28 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:28 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:28 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 17:28 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 17:28 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:28 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:28 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:28 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:28 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:28 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:28 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:28 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:28 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:28 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:28 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:28 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:28 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 22:15 - 2017-01-09 22:15 - 00000000 ____D C:\Users\Klaus\AppData\Local\Ndemic Creations
2017-01-09 22:04 - 2017-01-09 22:14 - 00000000 ____D C:\Program Files (x86)\Plague Inc Evolved
2017-01-09 22:04 - 2017-01-09 22:04 - 00001230 _____ C:\Users\Public\Desktop\Plague Inc Evolved.lnk
2017-01-09 22:04 - 2017-01-09 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plague Inc Evolved
2017-01-08 16:46 - 2017-01-08 16:46 - 00000000 ____D C:\Users\Klaus\Documents\CPY_SAVES
2017-01-07 00:09 - 2017-01-07 00:09 - 01065376 _____ (Google Inc.) C:\Users\Klaus\Downloads\ChromeSetup.exe
2017-01-06 04:49 - 2017-01-06 04:49 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\SmartSteamEmu
2017-01-05 22:29 - 2017-01-05 22:29 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Microsoft Games
2017-01-05 22:16 - 2017-01-05 22:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\DAEMON Tools Ultra
2017-01-05 22:16 - 2017-01-05 22:18 - 00000000 ____D C:\Program Files\DAEMON Tools Ultra
2017-01-05 22:16 - 2017-01-05 22:16 - 00001863 _____ C:\Users\Public\Desktop\DAEMON Tools Ultra.lnk
2017-01-05 22:16 - 2017-01-05 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2017-01-05 22:15 - 2017-01-05 22:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2017-01-04 14:10 - 2003-04-19 00:29 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4a.dll
2017-01-04 14:09 - 2017-01-04 19:34 - 00000604 _____ C:\WINDOWS\Edofma.INI
2017-01-03 18:16 - 2017-01-03 18:16 - 53933348 _____ C:\Users\Klaus\Downloads\hv335t_flash_v2.3.zip
2017-01-03 17:52 - 2017-01-15 20:16 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\vlc
2017-01-03 17:49 - 2017-01-03 17:50 - 30533688 _____ C:\Users\Klaus\Downloads\vlc-2.2.4-win32.exe
2017-01-02 18:49 - 2017-01-02 18:49 - 00196497 _____ C:\Users\Klaus\Downloads\DHL_label_2017-1-2_18-49-7.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00061314 _____ C:\Users\Klaus\Downloads\2530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032955.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049871 _____ C:\Users\Klaus\Downloads\302530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032951.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049643 _____ C:\Users\Klaus\Downloads\402530333_2016_Nr.004_Kontoauszug_vom_31.12.2016_20170102032942.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049388 _____ C:\Users\Klaus\Downloads\102530333_2016_Nr.010_Kontoauszug_vom_31.12.2016_20170102032946.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00046885 _____ C:\Users\Klaus\Downloads\302530333_2016_Mitteilung_vom_31.10.2016_20170102032948.pdf
2016-12-31 11:10 - 2016-12-31 11:10 - 00196914 _____ C:\Users\Klaus\Downloads\DHL_label_2016-12-31_11-10-49.pdf
2016-12-25 06:39 - 2016-12-25 06:39 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03474392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-18 07:05 - 2016-10-03 11:37 - 00000000 ____D C:\AdwCleaner
2017-01-18 06:51 - 2016-09-23 11:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-18 06:51 - 2016-05-03 11:08 - 00000000 ____D C:\Users\Klaus\AppData\Local\CrashDumps
2017-01-18 06:47 - 2015-10-24 17:52 - 00000000 ____D C:\Users\Klaus\AppData\Local\JDownloader v2.0
2017-01-18 06:05 - 2016-09-23 11:10 - 11742102 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-18 06:05 - 2016-07-16 23:51 - 05975044 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-18 06:05 - 2016-07-16 23:51 - 01676696 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-18 06:01 - 2016-09-23 11:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-18 06:01 - 2015-10-21 15:43 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Telegram Desktop
2017-01-18 00:03 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-18 00:01 - 2016-09-23 11:11 - 00000000 ____D C:\Users\Klaus
2017-01-17 23:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-17 19:51 - 2016-10-12 14:48 - 00000000 ____D C:\Users\Klaus\Downloads\Telegram Desktop
2017-01-17 15:33 - 2015-10-18 16:26 - 00000000 ____D C:\Users\Klaus\Desktop\ABLAGE
2017-01-17 08:32 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-17 08:32 - 2015-11-01 16:35 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Disk Cleaner
2017-01-17 07:34 - 2016-10-03 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 07:27 - 2016-10-03 19:22 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-17 00:12 - 2016-09-23 18:06 - 00000000 ____D C:\ProgramData\Ashampoo
2017-01-17 00:12 - 2015-10-24 16:06 - 00002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-16 23:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-16 23:12 - 2016-07-09 06:00 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Euask
2017-01-16 23:11 - 2016-02-19 13:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Anvsoft
2017-01-16 23:11 - 2015-11-26 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2017-01-16 22:55 - 2016-11-04 19:03 - 00000000 ____D C:\Program Files (x86)\Call of Duty
2017-01-16 22:55 - 2016-09-09 11:48 - 00000000 ____D C:\Program Files (x86)\Digiarty
2017-01-16 22:55 - 2016-03-21 17:13 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-01-14 12:54 - 2016-06-01 21:17 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-01-14 11:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 07:16 - 2016-01-23 17:17 - 00000000 ____D C:\Users\Klaus\Documents\UseNeXT
2017-01-13 07:16 - 2015-10-24 17:48 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\UseNeXT
2017-01-12 22:21 - 2015-11-26 23:25 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2017-01-12 22:17 - 2016-01-16 00:34 - 00000000 ____D C:\Users\Klaus\Documents\My Games
2017-01-11 21:40 - 2016-09-23 11:11 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-11 21:18 - 2015-11-11 07:12 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\dvdcss
2017-01-11 21:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-11 21:06 - 2016-02-13 18:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 19:28 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 19:22 - 2015-10-19 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 19:20 - 2015-10-19 10:00 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-07 08:47 - 2015-12-01 21:54 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-07 08:47 - 2015-10-24 13:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-07 00:20 - 2016-09-23 11:24 - 00004074 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-07 00:20 - 2015-10-24 10:11 - 00000000 ____D C:\Users\Klaus\AppData\Local\Adobe
2017-01-06 05:36 - 2015-10-24 09:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-06 05:34 - 2016-12-16 13:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-01-05 11:59 - 2016-03-07 23:45 - 00000000 ____D C:\Users\Klaus\AppData\Local\ElevatedDiagnostics
2017-01-04 07:30 - 2016-04-23 23:34 - 00000000 ____D C:\Program Files (x86)\posterXXL Designer
2017-01-03 17:51 - 2015-10-24 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-29 18:07 - 2016-12-13 15:18 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-25 06:39 - 2016-08-02 22:52 - 00042286 _____ C:\WINDOWS\system32\nvinfo.pb
2016-12-24 14:56 - 2015-10-24 09:43 - 00000000 ____D C:\Users\Klaus\AppData\Local\VirtualStore
2016-12-23 00:13 - 2016-10-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-10-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 12:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\drivers
2016-12-21 12:12 - 2016-07-16 12:47 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-21 10:54 - 2015-10-24 18:36 - 00389396 __RSH C:\bootmgr

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-01 06:23 - 2016-09-01 06:28 - 0020520 _____ () C:\Program Files (x86)\init.dat
2016-09-23 18:08 - 2016-09-23 19:35 - 0003584 _____ () C:\Users\Klaus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-15 21:10 - 2016-09-10 17:47 - 0007627 _____ () C:\Users\Klaus\AppData\Local\resmon.resmoncfg

Einige Dateien in TEMP:
====================
C:\Users\Klaus\AppData\Local\Temp\proxy_vole3376839825597473793.dll
C:\Users\Klaus\AppData\Local\Temp\proxy_vole7267681989729089600.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-09 17:46

==================== Ende von FRST.txt ============================

Addition:

Code:

ATTFilter

ZusÃ¤tzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-01-2017
durchgefÃ¼hrt von Klaus (18-01-2017 07:09:13)
Gestartet von C:\Users\Klaus\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-23 10:25:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3767151760-3652987525-2816545776-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3767151760-3652987525-2816545776-503 - Limited - Disabled)
Gast (S-1-5-21-3767151760-3652987525-2816545776-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3767151760-3652987525-2816545776-1009 - Limited - Enabled)
Klaus (S-1-5-21-3767151760-3652987525-2816545776-1001 - Administrator - Enabled) => C:\Users\Klaus

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" kÃ¶nnen in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee (HKLM-x32\...\ACDSee) (Version:  - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
AcronisÂ*DiskÂ*DirectorÂ*12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3219 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}) (Version: 12.2.3.183 - Adobe Systems, Inc)
Amazon Drive (HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Amazon Drive) (Version: 3.6.4.65 - Amazon.com, Inc.)
Any Video Converter 5.9.1 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-Bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo WinOptimizer 2015 (HKLM-x32\...\{4209F371-3276-A8F7-B851-845A83732AB4}_is1) (Version: 11.00.60 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.9.0000 - Asmedia Technology)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ATI Catalyst Install Manager (HKLM\...\{4044201A-8576-2999-1166-96C5593F3CFF}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
BioShock Version 1.1 (HKLM-x32\...\{4AA8D978-38C1-475B-936C-C79143624B61}_is1) (Version: 1.1 - 2K Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - )
Call of Juarez - Bound in Blood (x32 Version: 1.01.0000 - Ubisoft) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6282 - CDBurnerXP)
CorelDRAW 10 (x32 Version: 10 - Corel) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.0.0.0423 - Disc Soft Ltd)
Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
EaseUS Partition Master 10.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion ThÃ¼ringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.63.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.78.328 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 8.4 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.3.16 - IObit)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{328343FF-0466-4E8D-88EB-53CE3150AE11}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 3) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 4) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 5) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 6) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Individuelle MenÃ¼vorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (MenÃ¼vorlagen 1) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (MenÃ¼vorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Chromatic Glow) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Knoll Light Factory) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Retrograde) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Designelemente) (HKLM\...\MX.{67025742-42D8-4E8D-92BF-3C001AA7C645}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (HKLM\...\MX.{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Individuelle MenÃ¼vorlagen) (HKLM\...\MX.{33AFBCF9-0338-494D-BAFD-1367B5BD5A30}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Individuelle MenÃ¼vorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 1) (HKLM\...\MX.{8BCE1A1B-3EB0-4DCB-8C9F-6D235CA493FC}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 1) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 2) (HKLM\...\MX.{7D42CCF5-305C-49E7-9828-D89C05AEA82D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\MX.{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Ãœberblendeffekte) (HKLM\...\MX.{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Ãœberblendeffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Version: 15.0.0.62 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (Version: 15.0.0.102 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vÃ©rification linguistique 2016 de Microsoft OfficeÂ*- FranÃ§ais (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PixelNet - Meine Bilderwelt (HKLM-x32\...\PixelNet - Meine Bilderwelt) (Version: 5.1.1. - ORWO Net)
Plague Inc Evolved MULTi14 - ElAmigos Version 1.13.0 (HKLM-x32\...\{BDF7DD42-37BE-43A2-8F9C-44EE65466076}_is1) (Version: 1.13.0 - Ndemic Creations)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
posterXXL Designer 5.3 (HKLM-x32\...\posterXXL Designer_is1) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Telegram Desktop version 1.0 (HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0 - Telegram Messenger LLP)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VIA Plattform-GerÃ¤te-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinX DVD Author 6.3.7 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Wise Disk Cleaner 9.33 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.33 - WiseCleaner.com, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03C207F9-0233-4110-BA44-AEFF503E8BE4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0968ECFD-0C3D-4AB4-AF1E-D7A5FF3574AA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-02-28] ()
Task: {0CB631FF-F9FB-4806-913B-FE54BD7E5EA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {138FAEB9-0784-41CE-9A7B-878E7CA373C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1DA697D9-89AD-440E-A3F6-FD7C86DDC35F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-11-30] (IObit)
Task: {35AC1427-5FD0-485B-9625-9CB83B3359C1} - System32\Tasks\{7AEF934D-1A17-4F57-9438-37B70C108C66} => pcalua.exe -a C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {35FC097A-789D-4CE9-8D09-82C25A48E151} - System32\Tasks\Uninstaller_SkipUac_Klaus => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-10-10] (IObit)
Task: {37DC5A61-C110-4E74-B4B0-D263F3684162} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {3B2ADB35-FB27-4BAE-86E4-BC21E4145521} - System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240} => pcalua.exe -a "C:\Program Files\Common Files\Noobzo\GNUpdate\smUninstall.exe"
Task: {447BF8BB-4F3C-4067-8F63-C3A6E29D4AAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4AEB58E8-9CB5-4BD6-81E2-113BD4331F65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {57187ACC-7BB3-4107-83E1-7FDF5368CDDB} - System32\Tasks\Driver Booster SkipUAC (Klaus) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-12-22] (IObit)
Task: {58F35C51-A384-4FC8-9CC6-1CF4C78FB5D8} - System32\Tasks\EPSON WF-2650 Series Update {FABA556B-21FB-403E-BD42-FC2114FBE22C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {6BDCDC22-8C69-47C1-87C7-6E860FA22301} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {76F28C59-93B6-4B5C-ADB1-3C3B2F5D2859} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-07] (Adobe Systems Incorporated)
Task: {7F8FEB6C-B918-4F6B-9F00-8C36B1212D96} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {81A36ACB-9807-4079-A598-809FD76EAE45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {82E95715-2A71-468E-9B9A-EA9C77B6F9EE} - System32\Tasks\EPSON WF-2650 Series Update {C0112A23-007B-432D-8F6F-FA9503CCCA9F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {8A4766DC-4F02-4991-A7B8-94EE466D391E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {8DF83C56-B2B3-4E6C-9984-AEED37A506E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {8FF7DD45-60E6-4C0F-B94E-24A8B06A93CC} - System32\Tasks\EPSON WF-2650 Series Update {AC41C320-182E-4D3E-911E-AAF704407DDD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {920CE08C-A63E-494B-961E-24BBFBB0BC02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {96A99528-20FD-40E9-9C9A-08096A741B8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {A80FE49A-8B8E-43EC-AB39-5E7C56B67631} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {ABAE8372-07A9-4063-8CFD-17C97D045E80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B7BD77F3-25B3-431E-BD0F-185BCAAD1947} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2017-01-07] (Adobe Systems Incorporated)
Task: {BEC69237-488D-43A6-884F-AB10CA1CAAE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C27FEDD3-26A3-49CB-9EAC-07164D89F29E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {C35785DD-0B93-442F-82DD-9CBB21661F3D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {C7878158-87A8-4A5A-8F53-341276F6F97F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {E1CD8A5F-15A3-42F0-A4BD-E88E43DC4D02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {E40EA82D-9B0E-47B8-BAF5-F6B3B410419E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FBE53766-6AA7-4260-8317-0D5BE43C1DC0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {AC41C320-182E-4D3E-911E-AAF704407DDD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{AC41C320-182E-4D3E-911E-AAF704407DDD} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {C0112A23-007B-432D-8F6F-FA9503CCCA9F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{C0112A23-007B-432D-8F6F-FA9503CCCA9F} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {FABA556B-21FB-403E-BD42-FC2114FBE22C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{FABA556B-21FB-403E-BD42-FC2114FBE22C} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Klaus.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== VerknÃ¼pfungen =============================

(Die EintrÃ¤ge kÃ¶nnen gelistet werden, um sie zurÃ¼ckzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Klaus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 04:56 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-15 04:56 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 11:27 - 2016-09-23 11:27 - 00959168 _____ () C:\Users\Klaus\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-23 12:03 - 2016-09-23 12:03 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 17:28 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 17:28 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-18 06:07 - 2017-01-18 06:07 - 00566439 _____ () C:\Users\Klaus\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2017-01-18 06:07 - 2017-01-18 06:07 - 04078962 _____ () C:\Users\Klaus\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2017-01-07 00:09 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-07 00:09 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-10-24 10:01 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98752971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98752971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== VerknÃ¼pfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurÃ¼ckgesetzt oder entfernt.)

HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer VertrauenswÃ¼rdig/EingeschrÃ¤nkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benÃ¶tigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurÃ¼ckzusetzen.)

2016-05-20 08:20 - 2017-01-16 23:01 - 00003733 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix fÃ¼r diesen Bereich.)

HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte EintrÃ¤ge ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Corel Reminder => "C:\Program Files (x86)\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files (x86)\Corel\Graphics10\Register\NavLoad.ini"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Windows Mobile-based device management"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "XFastUsb"
HKLM\...\StartupApproved\Run32: => "CloneCDTray"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\StartupFolder: => "svchost.com.url"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "K6340MJR5Y"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "NBBI93937N"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "E21ZCY697U"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "WAZPWNA0WB"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "AlcoholAutomount"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{7117C2F5-28E3-4682-8869-55FBDACB7FEC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{977C23AA-7AB0-4B04-A70B-8C9C5B1997E5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{25CE0E4C-24C7-4446-B66A-FAC5E1A2E201}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{43DFFE8B-4625-4704-A885-66A878F4E936}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{517C9FA1-579D-42B6-A784-15003BB15AAA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9789DE8E-68C2-476F-8D8C-92F231816F01}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F661733F-5924-473D-9EA5-1B8E6626EA1B}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{E4893C5B-B7B9-4173-A2A5-7A4871E17F05}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{ACF42FD7-B18D-4269-8E85-CF80BBC9DDCC}C:\program files\itunes\itunes.exe] => C:\program files\itunes\itunes.exe
FirewallRules: [{D987DCBD-D3A9-4954-A87F-1BDAD283D061}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{586AF745-F22D-4FA0-BB0C-439D09EBAF34}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{0F2563AF-3CE2-451B-A314-15725F423CBF}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{ED9F1030-E647-4688-9022-A940F34436AA}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C7BB1319-7011-48C7-9231-B4F22656608D}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{F4670494-2AF9-48B8-97F3-6938B9FD5502}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{9F924D5E-211D-4038-ABBE-5A2EB3C047F9}C:\program files (x86)\ea games\mohaa\mohaa.exe] => C:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [UDP Query User{D0BF1CF8-FCF8-456A-B7EF-923913909B03}C:\program files (x86)\ea games\mohaa\mohaa.exe] => C:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [{F0EE6EC3-D1F0-4354-83A0-0AB1C63F9D4E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{514E4506-B6ED-40B4-B6AE-E8672CA018B4}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9594B8A3-E77B-4CB9-BB4A-B3CB11DC1342}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D2C02EC3-2F03-46A9-8B12-7EAA064BCB11}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8333ED40-B6D1-4B31-8610-ACD78A878248}] => C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{2AEC24B7-FCCB-4EAA-83A2-6A2F3DFF9F7A}] => C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{F6A1296C-63A2-4700-9137-A66A8E2AED6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

13-01-2017 13:24:56 Geplanter PrÃ¼fpunkt
14-01-2017 18:24:21 AcronisÂ*DiskÂ*DirectorÂ*12 wird installiert
16-01-2017 14:20:42 DirectX wurde installiert
16-01-2017 23:04:08 Removed Online.io Application
16-01-2017 23:07:42 Removed Online.io Application
16-01-2017 23:08:36 Removed Online.io Application

==================== Fehlerhafte GerÃ¤te im GerÃ¤temanager =============


==================== FehlereintrÃ¤ge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/18/2017 06:39:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.14393.0, Zeitstempel: 0x57899082
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 21.21.13.7633, Zeitstempel: 0x584d974c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0016e1a1
ID des fehlerhaften Prozesses: 0xfb8
Startzeit der fehlerhaften Anwendung: 0x01d27148be6f14ed
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvwgf2um.dll
Berichtskennung: 164240be-d0b2-42d8-8fe7-c5f636b289e7
VollstÃ¤ndiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/18/2017 06:04:19 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2017 06:01:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/18 06:01:39.164]: [00007100]: Initialize TwdsMain Class failed!

Error: (01/18/2017 06:01:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/18 06:01:39.163]: [00007100]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/18/2017 06:01:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/18 06:01:39.163]: [00007100]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (01/18/2017 12:03:05 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/18 00:03:05.463]: [00007080]: Initialize TwdsMain Class failed!

Error: (01/18/2017 12:03:05 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/18 00:03:05.463]: [00007080]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/18/2017 12:03:05 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/18 00:03:05.462]: [00007080]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (01/17/2017 11:54:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Name des fehlerhaften Moduls: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0055f825
ID des fehlerhaften Prozesses: 0x294
Startzeit der fehlerhaften Anwendung: 0x01d2710abbc3156d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Berichtskennung: 735e23c5-160d-47ab-9d28-b0162d646e0e
VollstÃ¤ndiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/17/2017 07:49:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Name des fehlerhaften Moduls: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0055f825
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0x01d270da47d96af0
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Berichtskennung: 47bc2fcf-2990-4b77-9cc6-f2cc37b599b3
VollstÃ¤ndiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (01/18/2017 06:01:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÃ„T)
Description: Durch die Berechtigungseinstellungen fÃ¼r "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÃ„T\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" fÃ¼r die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfÃ¼gbar" (SID: Nicht verfÃ¼gbar) gewÃ¤hrt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool fÃ¼r Komponentendienste geÃ¤ndert werden.

Error: (01/18/2017 06:01:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhÃ¤ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten GerÃ¤ten verbunden.

Error: (01/18/2017 12:02:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhÃ¤ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten GerÃ¤ten verbunden.

Error: (01/18/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 30000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/18/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/18/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Disc Soft Ultra Bus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/18/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 30000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/18/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/18/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 120000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/18/2017 12:01:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EPSON V3 Service4(06)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-01-18 06:04:18.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-18 06:04:18.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-17 19:57:17.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.597
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:25.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 840 Processor
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8191.3 MB
Verfügbarer physikalischer RAM: 6018.98 MB
Summe virtueller Speicher: 24191.3 MB
Verfügbarer virtueller Speicher: 21286.04 MB

==================== Laufwerke ================================

Drive c: (SYSTEM) (Fixed) (Total:111.35 GB) (Free:42.41 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (PRIVAT) (Fixed) (Total:931.51 GB) (Free:336.62 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6A6D4800)
Partition 1: (Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1E364A96)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

ADWCleaner 1:

Code:

ATTFilter

# AdwCleaner v6.042 - Bericht erstellt am 18/01/2017 um 07:11:05
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-17.2 [Lokal]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Klaus - KLAUS-PC
# Gestartet von : C:\Users\Klaus\Downloads\adwcleaner_6.042.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Dienst Gefunden: ucdrv


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\UCBrowser
Schlüssel Gefunden: HKCU\Software\UCBrowser
Schlüssel Gefunden: [x64] HKCU\Software\UCBrowser


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7684 Bytes] - [03/10/2016 11:39:28]
C:\AdwCleaner\AdwCleaner[C2].txt - [37105 Bytes] - [17/01/2017 00:16:01]
C:\AdwCleaner\AdwCleaner[C3].txt - [2509 Bytes] - [17/01/2017 07:02:40]
C:\AdwCleaner\AdwCleaner[C4].txt - [1928 Bytes] - [17/01/2017 07:35:44]
C:\AdwCleaner\AdwCleaner[C5].txt - [2045 Bytes] - [17/01/2017 08:09:40]
C:\AdwCleaner\AdwCleaner[C6].txt - [1989 Bytes] - [17/01/2017 08:14:26]
C:\AdwCleaner\AdwCleaner[C7].txt - [2656 Bytes] - [17/01/2017 12:38:22]
C:\AdwCleaner\AdwCleaner[C8].txt - [2775 Bytes] - [18/01/2017 00:01:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [7114 Bytes] - [03/10/2016 11:38:44]
C:\AdwCleaner\AdwCleaner[S10].txt - [2618 Bytes] - [17/01/2017 12:15:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [2691 Bytes] - [17/01/2017 12:37:47]
C:\AdwCleaner\AdwCleaner[S12].txt - [2853 Bytes] - [18/01/2017 00:01:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [2985 Bytes] - [18/01/2017 07:05:09]
C:\AdwCleaner\AdwCleaner[S14].txt - [2243 Bytes] - [18/01/2017 07:11:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [30181 Bytes] - [17/01/2017 00:13:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [2438 Bytes] - [17/01/2017 07:02:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [1783 Bytes] - [17/01/2017 07:20:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [1962 Bytes] - [17/01/2017 07:34:13]
C:\AdwCleaner\AdwCleaner[S5].txt - [2122 Bytes] - [17/01/2017 08:08:51]
C:\AdwCleaner\AdwCleaner[S6].txt - [2134 Bytes] - [17/01/2017 08:12:22]
C:\AdwCleaner\AdwCleaner[S7].txt - [2414 Bytes] - [17/01/2017 08:16:50]
C:\AdwCleaner\AdwCleaner[S8].txt - [2367 Bytes] - [17/01/2017 08:31:44]
C:\AdwCleaner\AdwCleaner[S9].txt - [2546 Bytes] - [17/01/2017 08:36:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S14].txt - [2975 Bytes] ##########

emus77 · 18.01.2017, 08:04

ADWCleaner 2:

Code:

ATTFilter

# AdwCleaner v6.042 - Bericht erstellt am 18/01/2017 um 07:11:46
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-17.2 [Lokal]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Klaus - KLAUS-PC
# Gestartet von : C:\Users\Klaus\Downloads\adwcleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

[-] Dienst gelöscht: ucdrv


***** [ Ordner ] *****



***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\UCBrowser
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\UCBrowser
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\UCBrowser


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7684 Bytes] - [03/10/2016 11:39:28]
C:\AdwCleaner\AdwCleaner[C2].txt - [37105 Bytes] - [17/01/2017 00:16:01]
C:\AdwCleaner\AdwCleaner[C3].txt - [2509 Bytes] - [17/01/2017 07:02:40]
C:\AdwCleaner\AdwCleaner[C4].txt - [1928 Bytes] - [17/01/2017 07:35:44]
C:\AdwCleaner\AdwCleaner[C5].txt - [2045 Bytes] - [17/01/2017 08:09:40]
C:\AdwCleaner\AdwCleaner[C6].txt - [1989 Bytes] - [17/01/2017 08:14:26]
C:\AdwCleaner\AdwCleaner[C7].txt - [2656 Bytes] - [17/01/2017 12:38:22]
C:\AdwCleaner\AdwCleaner[C8].txt - [2775 Bytes] - [18/01/2017 00:01:54]
C:\AdwCleaner\AdwCleaner[C9].txt - [1767 Bytes] - [18/01/2017 07:11:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [7114 Bytes] - [03/10/2016 11:38:44]
C:\AdwCleaner\AdwCleaner[S10].txt - [2618 Bytes] - [17/01/2017 12:15:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [2691 Bytes] - [17/01/2017 12:37:47]
C:\AdwCleaner\AdwCleaner[S12].txt - [2853 Bytes] - [18/01/2017 00:01:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [2985 Bytes] - [18/01/2017 07:05:09]
C:\AdwCleaner\AdwCleaner[S14].txt - [3059 Bytes] - [18/01/2017 07:11:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [30181 Bytes] - [17/01/2017 00:13:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [2438 Bytes] - [17/01/2017 07:02:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [1783 Bytes] - [17/01/2017 07:20:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [1962 Bytes] - [17/01/2017 07:34:13]
C:\AdwCleaner\AdwCleaner[S5].txt - [2122 Bytes] - [17/01/2017 08:08:51]
C:\AdwCleaner\AdwCleaner[S6].txt - [2134 Bytes] - [17/01/2017 08:12:22]
C:\AdwCleaner\AdwCleaner[S7].txt - [2414 Bytes] - [17/01/2017 08:16:50]
C:\AdwCleaner\AdwCleaner[S8].txt - [2367 Bytes] - [17/01/2017 08:31:44]
C:\AdwCleaner\AdwCleaner[S9].txt - [2546 Bytes] - [17/01/2017 08:36:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [2941 Bytes] ##########

Ich hoffe wieder auf eure Hilfe

burningice · 18.01.2017, 17:49

Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen.

Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:

Bitte lies meine Posts komplett durch bevor du sie abarbeitest
Wenn ein Problem auftauchen sollte oder dir etwas unklar ist, unterbreche deine Arbeit und beschreibe es so genau wie möglich.
Bitte kein Crossposting
Installiere oder Deinstalliere keine Software ohne Aufforderung
Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus
Bitte antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen
Wichtig: Nur weil dein Problem mit einem Schritt plötzlich behoben ist, bedeutet das nicht, dass dein PC auch sauber ist. Mache solange weiter, bis ich dir sage, dass dein PC "clean" ist
Wir machen unsere Arbeit freiwillig und ehrenamtlich neben unserer normalen Beschäftigung im Leben. Dennoch, wenn ich dir nicht binnen 36h antworte, sende mir bitte eine persönliche Nachricht!

Los geht's

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

emus77 · 18.01.2017, 19:46

Hallo Rafael,
und danke für deine Hilfe.

Hier der erste Log:

Code:

ATTFilter

19:43:40.0924 0x0e48  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
19:43:45.0749 0x0e48  ============================================================
19:43:45.0749 0x0e48  Current date / time: 2017/01/18 19:43:45.0749
19:43:45.0749 0x0e48  SystemInfo:
19:43:45.0764 0x0e48  
19:43:45.0764 0x0e48  OS Version: 10.0.14393 ServicePack: 0.0
19:43:45.0764 0x0e48  Product type: Workstation
19:43:45.0764 0x0e48  ComputerName: KLAUS-PC
19:43:45.0764 0x0e48  UserName: Klaus
19:43:45.0764 0x0e48  Windows directory: C:\WINDOWS
19:43:45.0764 0x0e48  System windows directory: C:\WINDOWS
19:43:45.0764 0x0e48  Running under WOW64
19:43:45.0764 0x0e48  Processor architecture: Intel x64
19:43:45.0764 0x0e48  Number of processors: 4
19:43:45.0764 0x0e48  Page size: 0x1000
19:43:45.0764 0x0e48  Boot type: Normal boot
19:43:45.0764 0x0e48  CodeIntegrityOptions = 0x00000001
19:43:45.0764 0x0e48  ============================================================
19:43:45.0840 0x0e48  KLMD registered as C:\WINDOWS\system32\drivers\31926613.sys
19:43:45.0840 0x0e48  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
19:43:46.0685 0x0e48  System UUID: {E8DA0A40-9C94-0136-20FE-CA33098CB3B5}
19:43:47.0468 0x0e48  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:47.0503 0x0e48  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:48.0209 0x0e48  ============================================================
19:43:48.0209 0x0e48  \Device\Harddisk0\DR0:
19:43:48.0210 0x0e48  MBR partitions:
19:43:48.0210 0x0e48  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDEB33B0
19:43:48.0210 0x0e48  \Device\Harddisk1\DR1:
19:43:48.0210 0x0e48  MBR partitions:
19:43:48.0210 0x0e48  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747051C1
19:43:48.0211 0x0e48  ============================================================
19:43:48.0212 0x0e48  C: <-> \Device\Harddisk0\DR0\Partition1
19:43:48.0238 0x0e48  E: <-> \Device\Harddisk1\DR1\Partition1
19:43:48.0238 0x0e48  ============================================================
19:43:48.0238 0x0e48  Initialize success
19:43:48.0238 0x0e48  ============================================================
19:44:27.0398 0x1ebc  ============================================================
19:44:27.0398 0x1ebc  Scan started
19:44:27.0398 0x1ebc  Mode: Manual; SigCheck; TDLFS; 
19:44:27.0398 0x1ebc  ============================================================
19:44:27.0398 0x1ebc  KSN ping started
19:44:27.0494 0x1ebc  KSN ping finished: true
19:44:28.0347 0x1ebc  ================ Scan system memory ========================
19:44:28.0347 0x1ebc  System memory - ok
19:44:28.0348 0x1ebc  ================ Scan services =============================
19:44:28.0438 0x1ebc  1394ohci - ok
19:44:28.0444 0x1ebc  3ware - ok
19:44:28.0451 0x1ebc  ACPI - ok
19:44:28.0457 0x1ebc  AcpiDev - ok
19:44:28.0464 0x1ebc  acpiex - ok
19:44:28.0471 0x1ebc  acpipagr - ok
19:44:28.0479 0x1ebc  AcpiPmi - ok
19:44:28.0487 0x1ebc  acpitime - ok
19:44:28.0517 0x1ebc  [ 3F358E95AEB33CBD16E6006A70CC629B, CB6816CBD377582D74CFD078FC520B6F2069669D908F642E862476674AB937C4 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
19:44:28.0589 0x1ebc  AcrSch2Svc - ok
19:44:28.0644 0x1ebc  [ 6F3C49799F770075E339E92B9B14AF21, 96295CA42275D7C22FEDC9567E8CCA4AB6584B7D38B4D1D62CCF197CA539C8A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:44:28.0661 0x1ebc  AdobeFlashPlayerUpdateSvc - ok
19:44:28.0672 0x1ebc  ADP80XX - ok
19:44:28.0682 0x1ebc  AFD - ok
19:44:28.0692 0x1ebc  ahcache - ok
19:44:28.0699 0x1ebc  AJRouter - ok
19:44:28.0705 0x1ebc  ALG - ok
19:44:28.0713 0x1ebc  AMD FUEL Service - ok
19:44:28.0720 0x1ebc  AmdK8 - ok
19:44:28.0727 0x1ebc  AmdPPM - ok
19:44:28.0734 0x1ebc  amdsata - ok
19:44:28.0740 0x1ebc  amdsbs - ok
19:44:28.0747 0x1ebc  amdxata - ok
19:44:28.0756 0x1ebc  AppHostSvc - ok
19:44:28.0761 0x1ebc  AppID - ok
19:44:28.0768 0x1ebc  AppIDSvc - ok
19:44:28.0775 0x1ebc  Appinfo - ok
19:44:28.0787 0x1ebc  [ 7D811EA7A2AAA49B0446D42CBC1CD338, AFECE5E44E48F756C7EB81D95C9237552AF8A9C02CBE756E0F3D3C6524DE49AD ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:44:28.0797 0x1ebc  Apple Mobile Device Service - ok
19:44:28.0803 0x1ebc  applockerfltr - ok
19:44:28.0810 0x1ebc  AppMgmt - ok
19:44:28.0818 0x1ebc  AppReadiness - ok
19:44:28.0825 0x1ebc  AppVClient - ok
19:44:28.0831 0x1ebc  AppvStrm - ok
19:44:28.0839 0x1ebc  AppvVemgr - ok
19:44:28.0846 0x1ebc  AppvVfs - ok
19:44:28.0853 0x1ebc  AppXSvc - ok
19:44:28.0859 0x1ebc  arcsas - ok
19:44:28.0882 0x1ebc  aspnet_state - ok
19:44:28.0889 0x1ebc  [ 912A215CE180A6E7C923C662D7EC777D, 2828D6403F693B1CF4AD4F47A4C096E6B31E680665F5BBCCAA69416FFA7FF2E0 ] AsrAppCharger   C:\WINDOWS\system32\DRIVERS\AsrAppCharger.sys
19:44:28.0907 0x1ebc  AsrAppCharger - ok
19:44:28.0913 0x1ebc  AsyncMac - ok
19:44:28.0922 0x1ebc  atapi - ok
19:44:28.0928 0x1ebc  AudioEndpointBuilder - ok
19:44:28.0935 0x1ebc  Audiosrv - ok
19:44:28.0946 0x1ebc  [ 8562C35489C8D687E47DB87885E3BEF6, C01700A08ABFCD4FC4ECBCE621DE6C2DB5BF48810A6B5D54A15873CBFD587397 ] AxAutoMntSrv    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
19:44:28.0955 0x1ebc  AxAutoMntSrv - ok
19:44:28.0961 0x1ebc  AxInstSV - ok
19:44:28.0969 0x1ebc  [ 95831B8024A85AD7815026475DB969E5, 70539360CF526C0E5F960BAFE64D8BAB973E9E5C0E868726DB3B33B2AC33A164 ] AxVirtualAHCISrv C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
19:44:28.0980 0x1ebc  AxVirtualAHCISrv - ok
19:44:28.0987 0x1ebc  b06bdrv - ok
19:44:28.0994 0x1ebc  BasicDisplay - ok
19:44:29.0001 0x1ebc  BasicRender - ok
19:44:29.0015 0x1ebc  [ 9F1E203815CA45FBA1D51BC200D05665, 4951112B4ECF8D2C44391D572AEF53BF542C13BE7E64CCABD352A2DC663A1B63 ] bcbtums         C:\WINDOWS\system32\drivers\bcbtums.sys
19:44:29.0033 0x1ebc  bcbtums - ok
19:44:29.0093 0x1ebc  [ 27137628E8932E9B071BEA5EC82BDC4F, 21DC93C61D53FC31694E3D4E847F61E3EFE6FEA3B7CA2F3E0C4C0640F2B43F38 ] BcmBtRSupport   C:\WINDOWS\system32\BtwRSupportService.exe
19:44:29.0165 0x1ebc  BcmBtRSupport - ok
19:44:29.0178 0x1ebc  bcmfn - ok
19:44:29.0184 0x1ebc  bcmfn2 - ok
19:44:29.0191 0x1ebc  BDESVC - ok
19:44:29.0198 0x1ebc  Beep - ok
19:44:29.0205 0x1ebc  BFE - ok
19:44:29.0212 0x1ebc  BITS - ok
19:44:29.0228 0x1ebc  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:44:29.0246 0x1ebc  Bonjour Service - ok
19:44:29.0255 0x1ebc  bowser - ok
19:44:29.0261 0x1ebc  BrokerInfrastructure - ok
19:44:29.0268 0x1ebc  Browser - ok
19:44:29.0280 0x1ebc  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
19:44:29.0299 0x1ebc  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
19:44:29.0393 0x1ebc  Detect skipped due to KSN trusted
19:44:29.0394 0x1ebc  BrYNSvc - ok
19:44:29.0402 0x1ebc  BthAvrcpTg - ok
19:44:29.0409 0x1ebc  BthHFEnum - ok
19:44:29.0416 0x1ebc  bthhfhid - ok
19:44:29.0423 0x1ebc  BthHFSrv - ok
19:44:29.0430 0x1ebc  BTHMODEM - ok
19:44:29.0440 0x1ebc  bthserv - ok
19:44:29.0451 0x1ebc  [ F3640757594567438C1A5CA0DDAAB21A, BFE7C58C0370FBB088036B0356C9C30F22ADB79F3821D938A64DA450294B0386 ] btwampfl        C:\WINDOWS\system32\DRIVERS\btwampfl.sys
19:44:29.0469 0x1ebc  btwampfl - ok
19:44:29.0476 0x1ebc  buttonconverter - ok
19:44:29.0483 0x1ebc  CapImg - ok
19:44:29.0489 0x1ebc  cdfs - ok
19:44:29.0496 0x1ebc  CDPSvc - ok
19:44:29.0505 0x1ebc  CDPUserSvc - ok
19:44:29.0518 0x1ebc  cdrom - ok
19:44:29.0525 0x1ebc  CertPropSvc - ok
19:44:29.0532 0x1ebc  cht4iscsi - ok
19:44:29.0538 0x1ebc  cht4vbd - ok
19:44:29.0545 0x1ebc  circlass - ok
19:44:29.0551 0x1ebc  CLFS - ok
19:44:29.0557 0x1ebc  ClipSVC - ok
19:44:29.0565 0x1ebc  clreg - ok
19:44:29.0584 0x1ebc  CmBatt - ok
19:44:29.0591 0x1ebc  CNG - ok
19:44:29.0597 0x1ebc  cnghwassist - ok
19:44:29.0631 0x1ebc  CompositeBus - ok
19:44:29.0638 0x1ebc  COMSysApp - ok
19:44:29.0644 0x1ebc  condrv - ok
19:44:29.0652 0x1ebc  CoreMessagingRegistrar - ok
19:44:29.0665 0x1ebc  CryptSvc - ok
19:44:29.0671 0x1ebc  CSC - ok
19:44:29.0678 0x1ebc  CscService - ok
19:44:29.0685 0x1ebc  dam - ok
19:44:29.0696 0x1ebc  DcomLaunch - ok
19:44:29.0702 0x1ebc  DcpSvc - ok
19:44:29.0709 0x1ebc  defragsvc - ok
19:44:29.0716 0x1ebc  DeviceAssociationService - ok
19:44:29.0723 0x1ebc  DeviceInstall - ok
19:44:29.0730 0x1ebc  DevQueryBroker - ok
19:44:29.0737 0x1ebc  Dfsc - ok
19:44:29.0744 0x1ebc  Dhcp - ok
19:44:29.0753 0x1ebc  diagnosticshub.standardcollector.service - ok
19:44:29.0759 0x1ebc  DiagTrack - ok
19:44:29.0776 0x1ebc  [ BB5C615C2F0D6F392B3C93B988969E02, 13F30E2BEE863823FB85A57C407060B2677D1EF95908D49D97FD0551D29E1969 ] DigitalWave.Update.Service C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
19:44:29.0791 0x1ebc  DigitalWave.Update.Service - ok
19:44:29.0830 0x1ebc  [ AE2E89756784A47A3AFC769F02CAED97, CEBF27B90B87E0E6030109568B6023C9CCADFC88E4B936036C7DC907CB2FE264 ] Disc Soft Ultra Bus Service C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
19:44:29.0871 0x1ebc  Disc Soft Ultra Bus Service - ok
19:44:29.0882 0x1ebc  disk - ok
19:44:29.0889 0x1ebc  DmEnrollmentSvc - ok
19:44:29.0896 0x1ebc  dmvsc - ok
19:44:29.0903 0x1ebc  dmwappushservice - ok
19:44:29.0909 0x1ebc  Dnscache - ok
19:44:29.0919 0x1ebc  dot3svc - ok
19:44:29.0926 0x1ebc  DPS - ok
19:44:29.0933 0x1ebc  drmkaud - ok
19:44:29.0940 0x1ebc  DsmSvc - ok
19:44:29.0946 0x1ebc  DsSvc - ok
19:44:29.0954 0x1ebc  [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus   C:\WINDOWS\System32\drivers\dtlitescsibus.sys
19:44:29.0964 0x1ebc  dtlitescsibus - ok
19:44:29.0971 0x1ebc  [ E23FDD696839A4790682CA66C48D3F2F, F5F0721BDA751968224E52E75D0C309A3E084C430CD98E85A55AF622D16B9A44 ] dtliteusbbus    C:\WINDOWS\System32\drivers\dtliteusbbus.sys
19:44:29.0981 0x1ebc  dtliteusbbus - ok
19:44:29.0989 0x1ebc  [ FDE25F2E15D963BB4FB7EE0806A1AC1E, 6255313203F8E15B2E57792E98C0DCDF3F74C64B792BB71F06E1F2CA54904241 ] dtultrascsibus  C:\WINDOWS\System32\drivers\dtultrascsibus.sys
19:44:29.0998 0x1ebc  dtultrascsibus - ok
19:44:30.0006 0x1ebc  [ 47938D95DC48FF45B0E22C4462DAC9D2, 638BC54C77F18718642DEABFCAE984BBF7017991F2A11D12CD5BFF5E158283BD ] dtultrausbbus   C:\WINDOWS\System32\drivers\dtultrausbbus.sys
19:44:30.0015 0x1ebc  dtultrausbbus - ok
19:44:30.0023 0x1ebc  DXGKrnl - ok
19:44:30.0030 0x1ebc  EapHost - ok
19:44:30.0036 0x1ebc  ebdrv - ok
19:44:30.0044 0x1ebc  EFS - ok
19:44:30.0050 0x1ebc  EhStorClass - ok
19:44:30.0057 0x1ebc  EhStorTcgDrv - ok
19:44:30.0065 0x1ebc  [ BE2902E13CA69383F449B6BF927844FB, F092785E305D8E1FE795AF98A7A7B7B4548A0D6687060568C9E078FFA8D65C1C ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
19:44:30.0074 0x1ebc  ElbyCDIO - ok
19:44:30.0081 0x1ebc  embeddedmode - ok
19:44:30.0088 0x1ebc  EntAppSvc - ok
19:44:30.0094 0x1ebc  [ 6106653B08F4F72EEAA7F099E7C408A4, 96B77284744F8761C4F2558388E0AEE2140618B484FF53FA8B222B340D2A9C84 ] epmntdrv        C:\WINDOWS\system32\epmntdrv.sys
19:44:30.0112 0x1ebc  epmntdrv - detected UnsignedFile.Multi.Generic ( 1 )
19:44:30.0451 0x1ebc  Detect skipped due to KSN trusted
19:44:30.0451 0x1ebc  epmntdrv - ok
19:44:30.0461 0x1ebc  [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc    C:\WINDOWS\system32\EscSvc64.exe
19:44:30.0477 0x1ebc  EpsonScanSvc - ok
19:44:30.0486 0x1ebc  [ 86032A47AD0105130FE7808C903E2086, ACCCA35483B7E8F9FC72A65031E024C469DF94FCCF2C5CC37C9B3BED4F1C676E ] EPSON_PM_RPCV4_06 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
19:44:30.0497 0x1ebc  EPSON_PM_RPCV4_06 - ok
19:44:30.0504 0x1ebc  ErrDev - ok
19:44:30.0514 0x1ebc  [ 991C04A31777ED77CB92A4F96F14C2E2, 6CC2A311D8E67032D0847D70B20DCA87B52B2B7FB3C380B3A5AB6C233E955DD2 ] EuGdiDrv        C:\WINDOWS\system32\EuGdiDrv.sys
19:44:30.0530 0x1ebc  EuGdiDrv - detected UnsignedFile.Multi.Generic ( 1 )
19:44:30.0800 0x1ebc  Detect skipped due to KSN trusted
19:44:30.0800 0x1ebc  EuGdiDrv - ok
19:44:30.0809 0x1ebc  EventSystem - ok
19:44:30.0817 0x1ebc  exfat - ok
19:44:30.0824 0x1ebc  fastfat - ok
19:44:30.0830 0x1ebc  Fax - ok
19:44:30.0837 0x1ebc  fdc - ok
19:44:30.0843 0x1ebc  fdPHost - ok
19:44:30.0851 0x1ebc  FDResPub - ok
19:44:30.0858 0x1ebc  fhsvc - ok
19:44:30.0864 0x1ebc  FileCrypt - ok
19:44:30.0870 0x1ebc  FileInfo - ok
19:44:30.0877 0x1ebc  Filetrace - ok
19:44:30.0884 0x1ebc  flpydisk - ok
19:44:30.0890 0x1ebc  FltMgr - ok
19:44:30.0900 0x1ebc  [ 88F5A4E744B72385B9A61659879FCC67, 4AB96D5659AA4AF9F925F2FA0EF3FE48F39F3B29577CDBE41DBF721D34920342 ] fltsrv          C:\WINDOWS\system32\DRIVERS\fltsrv.sys
19:44:30.0910 0x1ebc  fltsrv - ok
19:44:30.0917 0x1ebc  FontCache - ok
19:44:30.0925 0x1ebc  FontCache3.0.0.0 - ok
19:44:30.0933 0x1ebc  FrameServer - ok
19:44:30.0939 0x1ebc  FsDepends - ok
19:44:30.0946 0x1ebc  Fs_Rec - ok
19:44:30.0953 0x1ebc  fvevol - ok
19:44:30.0961 0x1ebc  gencounter - ok
19:44:30.0966 0x1ebc  genericusbfn - ok
19:44:30.0973 0x1ebc  GPIOClx0101 - ok
19:44:30.0980 0x1ebc  gpsvc - ok
19:44:30.0986 0x1ebc  GpuEnergyDrv - ok
19:44:30.0996 0x1ebc  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:31.0007 0x1ebc  gupdate - ok
19:44:31.0015 0x1ebc  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:31.0025 0x1ebc  gupdatem - ok
19:44:31.0032 0x1ebc  HDAudBus - ok
19:44:31.0038 0x1ebc  HidBatt - ok
19:44:31.0045 0x1ebc  HidBth - ok
19:44:31.0052 0x1ebc  hidi2c - ok
19:44:31.0059 0x1ebc  hidinterrupt - ok
19:44:31.0066 0x1ebc  HidIr - ok
19:44:31.0072 0x1ebc  hidserv - ok
19:44:31.0080 0x1ebc  HidUsb - ok
19:44:31.0087 0x1ebc  HomeGroupListener - ok
19:44:31.0094 0x1ebc  HomeGroupProvider - ok
19:44:31.0101 0x1ebc  HpSAMD - ok
19:44:31.0108 0x1ebc  HTTP - ok
19:44:31.0114 0x1ebc  HvHost - ok
19:44:31.0122 0x1ebc  hvservice - ok
19:44:31.0166 0x1ebc  [ EF558A02D734A1403583E95CCEEC2487, F0D052DAF48A62E4A90D067BFCB5EE9563804DE68D0EA82E0E11C8D16AD19D29 ] HWiNFO32        C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS
19:44:31.0174 0x1ebc  HWiNFO32 - ok
19:44:31.0180 0x1ebc  hwpolicy - ok
19:44:31.0187 0x1ebc  hyperkbd - ok
19:44:31.0195 0x1ebc  i8042prt - ok
19:44:31.0202 0x1ebc  iagpio - ok
19:44:31.0208 0x1ebc  iai2c - ok
19:44:31.0215 0x1ebc  iaLPSS2i_GPIO2 - ok
19:44:31.0222 0x1ebc  iaLPSS2i_I2C - ok
19:44:31.0229 0x1ebc  iaLPSSi_GPIO - ok
19:44:31.0236 0x1ebc  iaLPSSi_I2C - ok
19:44:31.0242 0x1ebc  iaStorAV - ok
19:44:31.0249 0x1ebc  iaStorV - ok
19:44:31.0256 0x1ebc  ibbus - ok
19:44:31.0263 0x1ebc  icssvc - ok
19:44:31.0273 0x1ebc  IKEEXT - ok
19:44:31.0278 0x1ebc  IndirectKmd - ok
19:44:31.0292 0x1ebc  intelide - ok
19:44:31.0299 0x1ebc  intelpep - ok
19:44:31.0306 0x1ebc  intelppm - ok
19:44:31.0320 0x1ebc  [ 8273733637D6C05CC34C53FFA0DDF8BD, 2EB0BA1C23BE0E03D90C92A54C588E09C0738FF8E1C9464A13522760FA19ADDB ] IObitUnSvr      C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
19:44:31.0337 0x1ebc  IObitUnSvr - ok
19:44:31.0343 0x1ebc  iorate - ok
19:44:31.0351 0x1ebc  IpFilterDriver - ok
19:44:31.0358 0x1ebc  iphlpsvc - ok
19:44:31.0364 0x1ebc  IPMIDRV - ok
19:44:31.0371 0x1ebc  IPNAT - ok
19:44:31.0393 0x1ebc  [ C37FAF1F0CE458D124A326FC8A7FF08D, 0147897CDF6DC2AB7113672D2B62CB258303FB0482B084C23C2E7EFCDE0065B4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:44:31.0418 0x1ebc  iPod Service - ok
19:44:31.0427 0x1ebc  irda - ok
19:44:31.0435 0x1ebc  IRENUM - ok
19:44:31.0442 0x1ebc  irmon - ok
19:44:31.0448 0x1ebc  isapnp - ok
19:44:31.0455 0x1ebc  iScsiPrt - ok
19:44:31.0462 0x1ebc  kbdclass - ok
19:44:31.0468 0x1ebc  kbdhid - ok
19:44:31.0476 0x1ebc  kdnic - ok
19:44:31.0483 0x1ebc  KeyIso - ok
19:44:31.0488 0x1ebc  KSecDD - ok
19:44:31.0495 0x1ebc  KSecPkg - ok
19:44:31.0502 0x1ebc  ksthunk - ok
19:44:31.0509 0x1ebc  KtmRm - ok
19:44:31.0516 0x1ebc  LanmanServer - ok
19:44:31.0522 0x1ebc  LanmanWorkstation - ok
19:44:31.0533 0x1ebc  lfsvc - ok
19:44:31.0539 0x1ebc  LicenseManager - ok
19:44:31.0546 0x1ebc  lltdio - ok
19:44:31.0552 0x1ebc  lltdsvc - ok
19:44:31.0559 0x1ebc  lmhosts - ok
19:44:31.0569 0x1ebc  LSI_SAS - ok
19:44:31.0576 0x1ebc  LSI_SAS2i - ok
19:44:31.0583 0x1ebc  LSI_SAS3i - ok
19:44:31.0589 0x1ebc  LSI_SSS - ok
19:44:31.0597 0x1ebc  LSM - ok
19:44:31.0603 0x1ebc  luafv - ok
19:44:31.0610 0x1ebc  MapsBroker - ok
19:44:31.0618 0x1ebc  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
19:44:31.0629 0x1ebc  MBAMProtector - ok
19:44:31.0669 0x1ebc  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
19:44:31.0716 0x1ebc  MBAMScheduler - ok
19:44:31.0751 0x1ebc  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
19:44:31.0783 0x1ebc  MBAMService - ok
19:44:31.0796 0x1ebc  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
19:44:31.0808 0x1ebc  MBAMSwissArmy - ok
19:44:31.0816 0x1ebc  [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
19:44:31.0827 0x1ebc  MBAMWebAccessControl - ok
19:44:31.0834 0x1ebc  megasas - ok
19:44:31.0841 0x1ebc  megasas2i - ok
19:44:31.0848 0x1ebc  megasr - ok
19:44:31.0855 0x1ebc  MessagingService - ok
19:44:31.0863 0x1ebc  mlx4_bus - ok
19:44:31.0871 0x1ebc  MMCSS - ok
19:44:31.0878 0x1ebc  Modem - ok
19:44:31.0885 0x1ebc  monitor - ok
19:44:31.0892 0x1ebc  mouclass - ok
19:44:31.0899 0x1ebc  mouhid - ok
19:44:31.0905 0x1ebc  mountmgr - ok
19:44:31.0911 0x1ebc  mpsdrv - ok
19:44:31.0919 0x1ebc  MpsSvc - ok
19:44:31.0926 0x1ebc  MQAC - ok
19:44:31.0933 0x1ebc  MRxDAV - ok
19:44:31.0940 0x1ebc  mrxsmb - ok
19:44:31.0946 0x1ebc  mrxsmb10 - ok
19:44:31.0954 0x1ebc  mrxsmb20 - ok
19:44:32.0004 0x1ebc  MsBridge - ok
19:44:32.0011 0x1ebc  MSDTC - ok
19:44:32.0024 0x1ebc  Msfs - ok
19:44:32.0031 0x1ebc  msgpiowin32 - ok
19:44:32.0038 0x1ebc  mshidkmdf - ok
19:44:32.0044 0x1ebc  mshidumdf - ok
19:44:32.0051 0x1ebc  msisadrv - ok
19:44:32.0059 0x1ebc  MSiSCSI - ok
19:44:32.0065 0x1ebc  msiserver - ok
19:44:32.0071 0x1ebc  MSKSSRV - ok
19:44:32.0077 0x1ebc  MsLldp - ok
19:44:32.0085 0x1ebc  MSMQ - ok
19:44:32.0091 0x1ebc  MSPCLOCK - ok
19:44:32.0098 0x1ebc  MSPQM - ok
19:44:32.0105 0x1ebc  MsRPC - ok
19:44:32.0113 0x1ebc  MsSecFlt - ok
19:44:32.0120 0x1ebc  mssmbios - ok
19:44:32.0128 0x1ebc  MSTEE - ok
19:44:32.0135 0x1ebc  MTConfig - ok
19:44:32.0141 0x1ebc  Mup - ok
19:44:32.0149 0x1ebc  mvumis - ok
19:44:32.0158 0x1ebc  NativeWifiP - ok
19:44:32.0166 0x1ebc  NcaSvc - ok
19:44:32.0171 0x1ebc  NcbService - ok
19:44:32.0178 0x1ebc  NcdAutoSetup - ok
19:44:32.0185 0x1ebc  ndfltr - ok
19:44:32.0192 0x1ebc  NDIS - ok
19:44:32.0199 0x1ebc  NdisCap - ok
19:44:32.0206 0x1ebc  NdisImPlatform - ok
19:44:32.0212 0x1ebc  NdisTapi - ok
19:44:32.0218 0x1ebc  Ndisuio - ok
19:44:32.0225 0x1ebc  NdisVirtualBus - ok
19:44:32.0232 0x1ebc  NdisWan - ok
19:44:32.0238 0x1ebc  ndiswanlegacy - ok
19:44:32.0244 0x1ebc  ndproxy - ok
19:44:32.0253 0x1ebc  Ndu - ok
19:44:32.0260 0x1ebc  NetAdapterCx - ok
19:44:32.0266 0x1ebc  NetBIOS - ok
19:44:32.0275 0x1ebc  NetBT - ok
19:44:32.0281 0x1ebc  Netlogon - ok
19:44:32.0288 0x1ebc  Netman - ok
19:44:32.0301 0x1ebc  NetMsmqActivator - ok
19:44:32.0305 0x1ebc  NetPipeActivator - ok
19:44:32.0313 0x1ebc  netprofm - ok
19:44:32.0319 0x1ebc  NetSetupSvc - ok
19:44:32.0324 0x1ebc  NetTcpActivator - ok
19:44:32.0331 0x1ebc  NetTcpPortSharing - ok
19:44:32.0342 0x1ebc  NgcCtnrSvc - ok
19:44:32.0349 0x1ebc  NgcSvc - ok
19:44:32.0355 0x1ebc  NlaSvc - ok
19:44:32.0361 0x1ebc  Npfs - ok
19:44:32.0369 0x1ebc  npsvctrig - ok
19:44:32.0375 0x1ebc  nsi - ok
19:44:32.0381 0x1ebc  nsiproxy - ok
19:44:32.0391 0x1ebc  NTFS - ok
19:44:32.0398 0x1ebc  Null - ok
19:44:32.0414 0x1ebc  [ 64DA1993B1973F049C1347DA1B05185E, 2A04E263DB13751D033E2F9B9518820CF4942EEAFA5A32488570EEB699EE2A96 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
19:44:32.0429 0x1ebc  NVHDA - ok
19:44:32.0794 0x1ebc  [ 557A0393BDFED327968A9E695FB4CEBA, 76D39F74439205B5B614B0D99E9E10629738E00250A5E7FFEE50815F69EE70D0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys
19:44:33.0104 0x1ebc  nvlddmkm - ok
19:44:33.0142 0x1ebc  NVNET - ok
19:44:33.0148 0x1ebc  nvraid - ok
19:44:33.0154 0x1ebc  nvstor - ok
19:44:33.0167 0x1ebc  [ 71B6ECD3C56FBF12FB1968DA3953B703, 47E39FBC336C9BFC159AA0FF9D8DEE950724ABB782102858E397A7EF87112584 ] nvstor64        C:\WINDOWS\System32\drivers\nvstor64.sys
19:44:33.0181 0x1ebc  nvstor64 - ok
19:44:33.0188 0x1ebc  OneSyncSvc - ok
19:44:33.0203 0x1ebc  [ 58327B7E7C4E325C66B7C4A5220CE5F4, FF66411B23A195CA3C64F5409F2E2C6F88CB01034A4C9DDCA565DE0E144ABC13 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:44:33.0221 0x1ebc  ose64 - ok
19:44:33.0230 0x1ebc  p2pimsvc - ok
19:44:33.0237 0x1ebc  p2psvc - ok
19:44:33.0244 0x1ebc  Parport - ok
19:44:33.0250 0x1ebc  partmgr - ok
19:44:33.0257 0x1ebc  PcaSvc - ok
19:44:33.0264 0x1ebc  pci - ok
19:44:33.0272 0x1ebc  pciide - ok
19:44:33.0278 0x1ebc  pcmcia - ok
19:44:33.0285 0x1ebc  pcw - ok
19:44:33.0291 0x1ebc  pdc - ok
19:44:33.0297 0x1ebc  PEAUTH - ok
19:44:33.0304 0x1ebc  PeerDistSvc - ok
19:44:33.0311 0x1ebc  percsas2i - ok
19:44:33.0317 0x1ebc  percsas3i - ok
19:44:33.0362 0x1ebc  PerfHost - ok
19:44:33.0377 0x1ebc  PhoneSvc - ok
19:44:33.0386 0x1ebc  PimIndexMaintenanceSvc - ok
19:44:33.0395 0x1ebc  pla - ok
19:44:33.0401 0x1ebc  PlugPlay - ok
19:44:33.0408 0x1ebc  PnkBstrA - ok
19:44:33.0415 0x1ebc  PNRPAutoReg - ok
19:44:33.0422 0x1ebc  PNRPsvc - ok
19:44:33.0429 0x1ebc  PolicyAgent - ok
19:44:33.0439 0x1ebc  Power - ok
19:44:33.0445 0x1ebc  PptpMiniport - ok
19:44:33.0531 0x1ebc  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
19:44:33.0662 0x1ebc  PrintNotify - ok
19:44:33.0676 0x1ebc  Processor - ok
19:44:33.0683 0x1ebc  ProfSvc - ok
19:44:33.0694 0x1ebc  [ F115AF58ABE5605D7D709CBFBD83F418, 4855FCD6E455D6E374CE92E5B37D61E7E6D8A861BA76521E7CC2542621853471 ] ProtexisLicensing C:\WINDOWS\SysWOW64\PSIService.exe
19:44:33.0715 0x1ebc  ProtexisLicensing - ok
19:44:33.0722 0x1ebc  Psched - ok
19:44:33.0730 0x1ebc  [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64        C:\WINDOWS\system32\drivers\PxHlpa64.sys
19:44:33.0740 0x1ebc  PxHlpa64 - ok
19:44:33.0746 0x1ebc  QWAVE - ok
19:44:33.0753 0x1ebc  QWAVEdrv - ok
19:44:33.0759 0x1ebc  RasAcd - ok
19:44:33.0767 0x1ebc  RasAgileVpn - ok
19:44:33.0773 0x1ebc  RasAuto - ok
19:44:33.0779 0x1ebc  Rasl2tp - ok
19:44:33.0787 0x1ebc  RasMan - ok
19:44:33.0793 0x1ebc  RasPppoe - ok
19:44:33.0801 0x1ebc  RasSstp - ok
19:44:33.0807 0x1ebc  rdbss - ok
19:44:33.0817 0x1ebc  rdpbus - ok
19:44:33.0824 0x1ebc  RDPDR - ok
19:44:33.0839 0x1ebc  RdpVideoMiniport - ok
19:44:33.0845 0x1ebc  rdyboost - ok
19:44:33.0851 0x1ebc  ReFSv1 - ok
19:44:33.0861 0x1ebc  RemoteAccess - ok
19:44:33.0868 0x1ebc  RemoteRegistry - ok
19:44:33.0875 0x1ebc  RetailDemo - ok
19:44:33.0881 0x1ebc  [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb          C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys
19:44:33.0906 0x1ebc  RimUsb - ok
19:44:33.0913 0x1ebc  [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort     C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys
19:44:33.0937 0x1ebc  RimVSerPort - ok
19:44:33.0944 0x1ebc  RmSvc - ok
19:44:33.0950 0x1ebc  RpcEptMapper - ok
19:44:33.0956 0x1ebc  RpcLocator - ok
19:44:33.0965 0x1ebc  RpcSs - ok
19:44:33.0972 0x1ebc  rspndr - ok
19:44:33.0988 0x1ebc  [ 15F7B5181274ED437DFDEF21B44679A4, EEBB62A98B4C296618F0B8A38AD1F3DF79197539DBFD16853FAF3ADB1CDED630 ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
19:44:34.0007 0x1ebc  RTSUER - ok
19:44:34.0015 0x1ebc  s3cap - ok
19:44:34.0021 0x1ebc  SamSs - ok
19:44:34.0027 0x1ebc  sbp2port - ok
19:44:34.0036 0x1ebc  SCardSvr - ok
19:44:34.0041 0x1ebc  ScDeviceEnum - ok
19:44:34.0048 0x1ebc  scfilter - ok
19:44:34.0054 0x1ebc  Schedule - ok
19:44:34.0061 0x1ebc  scmbus - ok
19:44:34.0068 0x1ebc  scmdisk0101 - ok
19:44:34.0075 0x1ebc  SCPolicySvc - ok
19:44:34.0082 0x1ebc  sdbus - ok
19:44:34.0087 0x1ebc  SDRSVC - ok
19:44:34.0094 0x1ebc  sdstor - ok
19:44:34.0101 0x1ebc  Secdrv - ok
19:44:34.0108 0x1ebc  seclogon - ok
19:44:34.0115 0x1ebc  SENS - ok
19:44:34.0122 0x1ebc  Sense - ok
19:44:34.0127 0x1ebc  SensorDataService - ok
19:44:34.0135 0x1ebc  SensorService - ok
19:44:34.0141 0x1ebc  SensrSvc - ok
19:44:34.0149 0x1ebc  SerCx - ok
19:44:34.0155 0x1ebc  SerCx2 - ok
19:44:34.0162 0x1ebc  Serenum - ok
19:44:34.0169 0x1ebc  Serial - ok
19:44:34.0176 0x1ebc  sermouse - ok
19:44:34.0191 0x1ebc  SessionEnv - ok
19:44:34.0204 0x1ebc  sfloppy - ok
19:44:34.0211 0x1ebc  SharedAccess - ok
19:44:34.0219 0x1ebc  ShellHWDetection - ok
19:44:34.0225 0x1ebc  shpamsvc - ok
19:44:34.0232 0x1ebc  SiSRaid2 - ok
19:44:34.0239 0x1ebc  SiSRaid4 - ok
19:44:34.0248 0x1ebc  [ 9122A68375D990280644DF33973B506A, 4514FCF8070B341F110E1E23774B9DE29046D2B28A530850018FE818D549FAD3 ] smhwser         C:\WINDOWS\system32\DRIVERS\smhwser.sys
19:44:34.0275 0x1ebc  smhwser - ok
19:44:34.0281 0x1ebc  smphost - ok
19:44:34.0289 0x1ebc  SmsRouter - ok
19:44:34.0308 0x1ebc  [ 348F3039E192A84FADE1E2C6C4257500, FFC915C604D14F566ACEFB85741F5F871814031AEFF2CF0A52071A551076325C ] snapman         C:\WINDOWS\system32\DRIVERS\snapman.sys
19:44:34.0323 0x1ebc  snapman - ok
19:44:34.0333 0x1ebc  SNMPTRAP - ok
19:44:34.0339 0x1ebc  spaceport - ok
19:44:34.0346 0x1ebc  SpbCx - ok
19:44:34.0353 0x1ebc  Spooler - ok
19:44:34.0359 0x1ebc  sppsvc - ok
19:44:34.0370 0x1ebc  [ 7E4C426CB645AD4EF6BE22C82E47D6F1, 3B010DF91D9E1FBDBED4181BB7C04F5ACAAEAF890CA8D6C3E369D28CFAA09C4A ] sptd2           C:\WINDOWS\system32\Drivers\sptd2.sys
19:44:34.0384 0x1ebc  sptd2 - ok
19:44:34.0391 0x1ebc  srv - ok
19:44:34.0397 0x1ebc  srv2 - ok
19:44:34.0403 0x1ebc  srvnet - ok
19:44:34.0410 0x1ebc  SSDPSRV - ok
19:44:34.0417 0x1ebc  SstpSvc - ok
19:44:34.0432 0x1ebc  [ E5C796B621F6FBA8616511063D7F0FFE, 447FA64F552D4B04AD029E01485B4438A70D9B9B98EB49A883D5B17ED4C1D52F ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
19:44:34.0453 0x1ebc  StarWindServiceAE - detected UnsignedFile.Multi.Generic ( 1 )
19:44:34.0537 0x1ebc  Detect skipped due to KSN trusted
19:44:34.0537 0x1ebc  StarWindServiceAE - ok
19:44:34.0545 0x1ebc  StateRepository - ok
19:44:34.0552 0x1ebc  stexstor - ok
19:44:34.0558 0x1ebc  stisvc - ok
19:44:34.0564 0x1ebc  storahci - ok
19:44:34.0571 0x1ebc  storflt - ok
19:44:34.0577 0x1ebc  stornvme - ok
19:44:34.0585 0x1ebc  storqosflt - ok
19:44:34.0592 0x1ebc  StorSvc - ok
19:44:34.0599 0x1ebc  storufs - ok
19:44:34.0604 0x1ebc  storvsc - ok
19:44:34.0611 0x1ebc  svsvc - ok
19:44:34.0618 0x1ebc  swenum - ok
19:44:34.0624 0x1ebc  swprv - ok
19:44:34.0631 0x1ebc  Synth3dVsc - ok
19:44:34.0638 0x1ebc  SysMain - ok
19:44:34.0645 0x1ebc  SystemEventsBroker - ok
19:44:34.0652 0x1ebc  TabletInputService - ok
19:44:34.0658 0x1ebc  TapiSrv - ok
19:44:34.0665 0x1ebc  Tcpip - ok
19:44:34.0672 0x1ebc  Tcpip6 - ok
19:44:34.0682 0x1ebc  tcpipreg - ok
19:44:34.0692 0x1ebc  tdx - ok
19:44:34.0868 0x1ebc  [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
19:44:35.0037 0x1ebc  TeamViewer - ok
19:44:35.0062 0x1ebc  terminpt - ok
19:44:35.0068 0x1ebc  TermService - ok
19:44:35.0075 0x1ebc  Themes - ok
19:44:35.0082 0x1ebc  TieringEngineService - ok
19:44:35.0088 0x1ebc  tiledatamodelsvc - ok
19:44:35.0095 0x1ebc  TimeBrokerSvc - ok
19:44:35.0103 0x1ebc  TPM - ok
19:44:35.0110 0x1ebc  TrkWks - ok
19:44:35.0117 0x1ebc  [ 0D5A09B08568760AE85A801FCBC0F83D, 347ACBA74FDCBEAC671521739F8A34EC0E378CAF716C31F55616F9F843E4D0D3 ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
19:44:35.0127 0x1ebc  TrueSight - ok
19:44:35.0133 0x1ebc  TrustedInstaller - ok
19:44:35.0143 0x1ebc  tsusbflt - ok
19:44:35.0152 0x1ebc  TsUsbGD - ok
19:44:35.0159 0x1ebc  tsusbhub - ok
19:44:35.0167 0x1ebc  tunnel - ok
19:44:35.0174 0x1ebc  tzautoupdate - ok
19:44:35.0181 0x1ebc  UASPStor - ok
19:44:35.0190 0x1ebc  UcmCx0101 - ok
19:44:35.0198 0x1ebc  UcmTcpciCx0101 - ok
19:44:35.0206 0x1ebc  UcmUcsi - ok
19:44:35.0214 0x1ebc  Ucx01000 - ok
19:44:35.0222 0x1ebc  UdeCx - ok
19:44:35.0228 0x1ebc  udfs - ok
19:44:35.0235 0x1ebc  UEFI - ok
19:44:35.0242 0x1ebc  UevAgentDriver - ok
19:44:35.0250 0x1ebc  UevAgentService - ok
19:44:35.0257 0x1ebc  Ufx01000 - ok
19:44:35.0263 0x1ebc  UfxChipidea - ok
19:44:35.0271 0x1ebc  ufxsynopsys - ok
19:44:35.0285 0x1ebc  UI0Detect - ok
19:44:35.0290 0x1ebc  umbus - ok
19:44:35.0297 0x1ebc  UmPass - ok
19:44:35.0305 0x1ebc  UmRdpService - ok
19:44:35.0311 0x1ebc  UnistoreSvc - ok
19:44:35.0322 0x1ebc  upnphost - ok
19:44:35.0328 0x1ebc  UrsChipidea - ok
19:44:35.0334 0x1ebc  UrsCx01000 - ok
19:44:35.0341 0x1ebc  UrsSynopsys - ok
19:44:35.0349 0x1ebc  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
19:44:35.0376 0x1ebc  USBAAPL64 - ok
19:44:35.0382 0x1ebc  usbccgp - ok
19:44:35.0390 0x1ebc  usbcir - ok
19:44:35.0395 0x1ebc  usbehci - ok
19:44:35.0402 0x1ebc  usbhub - ok
19:44:35.0408 0x1ebc  USBHUB3 - ok
19:44:35.0415 0x1ebc  usbohci - ok
19:44:35.0422 0x1ebc  usbprint - ok
19:44:35.0430 0x1ebc  [ 2EC7B2C8123236B1233A77281D378DF7, D97DB59C9CAE2B8B33C707E8CEA7A65BF88712842CC715D270F7432A99D21BB6 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:44:35.0448 0x1ebc  usbscan - ok
19:44:35.0458 0x1ebc  USBSTOR - ok
19:44:35.0470 0x1ebc  usbuhci - ok
19:44:35.0477 0x1ebc  USBXHCI - ok
19:44:35.0485 0x1ebc  UserDataSvc - ok
19:44:35.0495 0x1ebc  UserManager - ok
19:44:35.0502 0x1ebc  UsoSvc - ok
19:44:35.0508 0x1ebc  VaultSvc - ok
19:44:35.0518 0x1ebc  [ 3C8E2C591345F38149C69FE8E5DF8C90, 9F4BB9BDA09CB2E99A6A888B288F322AE5C460B5D124CD714C6F00FF5029144B ] VClone          C:\WINDOWS\System32\drivers\VClone.sys
19:44:35.0540 0x1ebc  VClone - ok
19:44:35.0546 0x1ebc  vdrvroot - ok
19:44:35.0554 0x1ebc  vds - ok
19:44:35.0561 0x1ebc  VerifierExt - ok
19:44:35.0570 0x1ebc  vhdmp - ok
19:44:35.0576 0x1ebc  vhf - ok
19:44:35.0601 0x1ebc  [ 1916D8565B95F93D696067C01280937E, 0DA15AE1729F2D0F37A00751871F68F07724B14B07AC3257B2636C7F171FF660 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
19:44:35.0627 0x1ebc  VIAHdAudAddService - ok
19:44:35.0637 0x1ebc  [ 26F9E6EC387A35B9C0543F10A0E8E798, 7A324A635C8B94D2463E140EF8FD4ECFB3ACAAC7EC5D1C9FCC49BB63F2F56ABD ] VIAKaraokeService C:\WINDOWS\system32\viakaraokesrv.exe
19:44:35.0664 0x1ebc  VIAKaraokeService - ok
19:44:35.0670 0x1ebc  vmbus - ok
19:44:35.0676 0x1ebc  VMBusHID - ok
19:44:35.0683 0x1ebc  vmci - ok
19:44:35.0691 0x1ebc  vmgid - ok
19:44:35.0697 0x1ebc  vmicguestinterface - ok
19:44:35.0704 0x1ebc  vmicheartbeat - ok
19:44:35.0709 0x1ebc  vmickvpexchange - ok
19:44:35.0717 0x1ebc  vmicrdv - ok
19:44:35.0722 0x1ebc  vmicshutdown - ok
19:44:35.0729 0x1ebc  vmictimesync - ok
19:44:35.0735 0x1ebc  vmicvmsession - ok
19:44:35.0742 0x1ebc  vmicvss - ok
19:44:35.0748 0x1ebc  VMnetAdapter - ok
19:44:35.0756 0x1ebc  volmgr - ok
19:44:35.0762 0x1ebc  volmgrx - ok
19:44:35.0769 0x1ebc  volsnap - ok
19:44:35.0775 0x1ebc  volume - ok
19:44:35.0782 0x1ebc  vpci - ok
19:44:35.0790 0x1ebc  vsmraid - ok
19:44:35.0797 0x1ebc  VSS - ok
19:44:35.0804 0x1ebc  VSTXRAID - ok
19:44:35.0815 0x1ebc  [ 26BF9586A9F4CF7630F75D8514797103, 4E0EF6D085B5948FFB59210723C05A2FB926FCC0A1EE0D5A129FAD754131486B ] VUSB3HUB        C:\WINDOWS\System32\drivers\ViaHub3.sys
19:44:35.0833 0x1ebc  VUSB3HUB - detected UnsignedFile.Multi.Generic ( 1 )
19:44:35.0898 0x1ebc  Detect skipped due to KSN trusted
19:44:35.0898 0x1ebc  VUSB3HUB - ok
19:44:35.0906 0x1ebc  vwifibus - ok
19:44:35.0912 0x1ebc  vwififlt - ok
19:44:35.0918 0x1ebc  W32Time - ok
19:44:35.0926 0x1ebc  w3logsvc - ok
19:44:35.0932 0x1ebc  W3SVC - ok
19:44:35.0939 0x1ebc  WacomPen - ok
19:44:35.0946 0x1ebc  WalletService - ok
19:44:35.0953 0x1ebc  wanarp - ok
19:44:35.0959 0x1ebc  wanarpv6 - ok
19:44:35.0966 0x1ebc  WAS - ok
19:44:35.0973 0x1ebc  wbengine - ok
19:44:35.0979 0x1ebc  WbioSrvc - ok
19:44:35.0985 0x1ebc  wcifs - ok
19:44:35.0992 0x1ebc  Wcmsvc - ok
19:44:35.0999 0x1ebc  wcncsvc - ok
19:44:36.0006 0x1ebc  wcnfs - ok
19:44:36.0012 0x1ebc  WdBoot - ok
19:44:36.0019 0x1ebc  Wdf01000 - ok
19:44:36.0026 0x1ebc  WdFilter - ok
19:44:36.0033 0x1ebc  WdiServiceHost - ok
19:44:36.0039 0x1ebc  WdiSystemHost - ok
19:44:36.0047 0x1ebc  wdiwifi - ok
19:44:36.0054 0x1ebc  WdNisDrv - ok
19:44:36.0059 0x1ebc  WdNisSvc - ok
19:44:36.0068 0x1ebc  WebClient - ok
19:44:36.0075 0x1ebc  Wecsvc - ok
19:44:36.0081 0x1ebc  WEPHOSTSVC - ok
19:44:36.0089 0x1ebc  wercplsupport - ok
19:44:36.0095 0x1ebc  WerSvc - ok
19:44:36.0103 0x1ebc  WFPLWFS - ok
19:44:36.0110 0x1ebc  WiaRpc - ok
19:44:36.0116 0x1ebc  WIMMount - ok
19:44:36.0121 0x1ebc  WinDefend - ok
19:44:36.0136 0x1ebc  WindowsTrustedRT - ok
19:44:36.0142 0x1ebc  WindowsTrustedRTProxy - ok
19:44:36.0150 0x1ebc  WinHttpAutoProxySvc - ok
19:44:36.0157 0x1ebc  WinMad - ok
19:44:36.0171 0x1ebc  Winmgmt - ok
19:44:36.0178 0x1ebc  WinRM - ok
19:44:36.0192 0x1ebc  WINUSB - ok
19:44:36.0199 0x1ebc  WinVerbs - ok
19:44:36.0207 0x1ebc  wisvc - ok
19:44:36.0214 0x1ebc  WlanSvc - ok
19:44:36.0221 0x1ebc  wlidsvc - ok
19:44:36.0226 0x1ebc  WmiAcpi - ok
19:44:36.0238 0x1ebc  wmiApSrv - ok
19:44:36.0243 0x1ebc  WMPNetworkSvc - ok
19:44:36.0251 0x1ebc  Wof - ok
19:44:36.0262 0x1ebc  workfolderssvc - ok
19:44:36.0269 0x1ebc  WPDBusEnum - ok
19:44:36.0275 0x1ebc  WpdUpFltr - ok
19:44:36.0283 0x1ebc  WpnService - ok
19:44:36.0288 0x1ebc  WpnUserService - ok
19:44:36.0298 0x1ebc  ws2ifsl - ok
19:44:36.0306 0x1ebc  wscsvc - ok
19:44:36.0313 0x1ebc  WSDPrintDevice - ok
19:44:36.0320 0x1ebc  WSDScan - ok
19:44:36.0326 0x1ebc  WSearch - ok
19:44:36.0393 0x1ebc  [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
19:44:36.0521 0x1ebc  wuauserv - ok
19:44:36.0532 0x1ebc  WudfPf - ok
19:44:36.0537 0x1ebc  WUDFRd - ok
19:44:36.0544 0x1ebc  wudfsvc - ok
19:44:36.0550 0x1ebc  WUDFWpdFs - ok
19:44:36.0557 0x1ebc  WUDFWpdMtp - ok
19:44:36.0565 0x1ebc  WwanSvc - ok
19:44:36.0572 0x1ebc  XblAuthManager - ok
19:44:36.0578 0x1ebc  XblGameSave - ok
19:44:36.0585 0x1ebc  xboxgip - ok
19:44:36.0592 0x1ebc  XboxNetApiSvc - ok
19:44:36.0605 0x1ebc  [ 6A6EDC5E20DB7B1363F5A0B1A1EB59C4, B8826B8A742115D8D42EF9D5759A9A000278C1F01A85E8ED216BC21AE451B612 ] xhcdrv          C:\WINDOWS\System32\drivers\xhcdrv.sys
19:44:36.0625 0x1ebc  xhcdrv - detected UnsignedFile.Multi.Generic ( 1 )
19:44:36.0812 0x1ebc  Detect skipped due to KSN trusted
19:44:36.0812 0x1ebc  xhcdrv - ok
19:44:36.0821 0x1ebc  xinputhid - ok
19:44:36.0824 0x1ebc  ================ Scan global ===============================
19:44:36.0849 0x1ebc  [ Global ] - ok
19:44:36.0850 0x1ebc  ================ Scan MBR ==================================
19:44:36.0854 0x1ebc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:44:37.0053 0x1ebc  \Device\Harddisk0\DR0 - ok
19:44:37.0057 0x1ebc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:44:37.0171 0x1ebc  \Device\Harddisk1\DR1 - ok
19:44:37.0172 0x1ebc  ================ Scan VBR ==================================
19:44:37.0177 0x1ebc  [ FAD12003EEE51C6359F883C87E7536AD ] \Device\Harddisk0\DR0\Partition1
19:44:37.0179 0x1ebc  \Device\Harddisk0\DR0\Partition1 - ok
19:44:37.0182 0x1ebc  [ 48562245CDFFFA2697B3BC26FFBC8D1D ] \Device\Harddisk1\DR1\Partition1
19:44:37.0185 0x1ebc  \Device\Harddisk1\DR1\Partition1 - ok
19:44:37.0185 0x1ebc  ================ Scan generic autorun ======================
19:44:37.0188 0x1ebc  VIAxHCUtl - ok
19:44:37.0189 0x1ebc  WindowsDefender - ok
19:44:37.0199 0x1ebc  [ D91AB5CCE502F95726AC1E035C867BC6, A27B2AAB26C844454A0CEA97F861623C518A837B9DF41778AC7F4E9184E6BC8C ] C:\Program Files\iTunes\iTunesHelper.exe
19:44:37.0210 0x1ebc  iTunesHelper - ok
19:44:37.0223 0x1ebc  [ B75072C688F3707E5A8FC4E76236A811, 16E69F72D75D5722ACED4AF3BD6142FC2F2534324AE73D29829E797BF3297C43 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
19:44:37.0240 0x1ebc  Acronis Scheduler2 Service - ok
19:44:37.0260 0x1ebc  [ D3B3E999961870108AB068C46DA6356B, B9BB0DB720DD7AFE52796AB848441B54116BEE0517115D9A352B1A6D242FA542 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
19:44:37.0285 0x1ebc  FUFAXRCV - ok
19:44:37.0311 0x1ebc  [ 67E88143D9FF46D479C1DC890FD51E6E, 67948D043459B619B7A289E686845A147AF8463C8F73FBB12127F012A0C85B24 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
19:44:37.0339 0x1ebc  FUFAXSTM - ok
19:44:37.0372 0x1ebc  [ F17FFAF69E1AF3D0A010FD4749148981, 7486A1EFE378BFCEE30D169BD0189CABD6935EBEE556BF0328330B120975EA03 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
19:44:37.0401 0x1ebc  EEventManager - ok
19:44:37.0410 0x1ebc  [ 3BD79A1F6D2EA0FDDEA3F8914B2A6A0C, 332E6806EFF846A2E6D0DC04A70D3503855DABFA83E6EC27F37E2D9103E80E51 ] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
19:44:37.0420 0x1ebc  VirtualCloneDrive - ok
19:44:37.0421 0x1ebc  KiesTrayAgent - ok
19:44:37.0431 0x1ebc  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
19:44:37.0440 0x1ebc  NUSB3MON - ok
19:44:37.0449 0x1ebc  [ 587F4E7E41B0A690B05C707F8E524686, 02398E72688C04EE2270E1BEC5310B05B0FE51909609778CEA62FAB1376329EE ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
19:44:37.0460 0x1ebc  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
19:44:37.0563 0x1ebc  Detect skipped due to KSN trusted
19:44:37.0563 0x1ebc  amd_dc_opt - ok
19:44:37.0602 0x1ebc  OneDriveSetup - ok
19:44:37.0605 0x1ebc  OneDriveSetup - ok
19:44:37.0635 0x1ebc  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
19:44:37.0676 0x1ebc  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
19:44:37.0748 0x1ebc  Detect skipped due to KSN trusted
19:44:37.0748 0x1ebc  SpybotPostWindows10UpgradeReInstall - ok
19:44:37.0754 0x1ebc  [ 8562C35489C8D687E47DB87885E3BEF6, C01700A08ABFCD4FC4ECBCE621DE6C2DB5BF48810A6B5D54A15873CBFD587397 ] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
19:44:37.0762 0x1ebc  AlcoholAutomount - ok
19:44:37.0877 0x1ebc  [ 397125F8AADEA1035B472018515FB35E, 713AC72EF4E25D15D6F08713C4AD4F85BF4679EE8B725D1028964EA37341311E ] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe
19:44:37.0981 0x1ebc  DAEMON Tools Ultra Agent - ok
19:44:37.0991 0x1ebc  WAZPWNA0WB - ok
19:44:37.0993 0x1ebc  E21ZCY697U - ok
19:44:38.0000 0x1ebc  OneDriveSetup - ok
19:44:38.0003 0x1ebc  WAB Migrate - ok
19:44:38.0005 0x1ebc  Waiting for KSN requests completion. In queue: 60
19:44:39.0075 0x1ebc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
19:44:39.0086 0x1ebc  Win FW state via NFP2: enabled ( trusted )
19:44:39.0240 0x1ebc  ============================================================
19:44:39.0240 0x1ebc  Scan finished
19:44:39.0240 0x1ebc  ============================================================
19:44:39.0257 0x0bd8  Detected object count: 0
19:44:39.0257 0x0bd8  Actual detected object count: 0
19:45:42.0829 0x0ef8  Deinitialize success

burningice · 19.01.2017, 19:59

Schritt 1
Lade dir folgendes Programm herunter und installiere es:

Malwarebytes Anti-Malware

Starte Malwarebytes' Anti-Malware (MBAM).
Klicke links auf Einstellungen und wechsle zum Tab Schutz.
Unter Scan-Optionen aktiviere die Option Nach Rootkits suchen
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Bitte poste in deiner nächsten Antwort also:

Logfile von AdwCleaner
Logfile von Malwarebytes
Frst.txt
Addition.txt

emus77 · 19.01.2017, 20:24

Bin gerade dabei, deine Instruktionen auszuführen und werde sie umgehend posten.
Wie lange bist du heute abend online?

ist das normal, dass beim mbam-scan für ne millisekunde ein kleines cmd-fenster aufpoppt und wieder verschwindet...?

kann ich auch eine mbam.txt als zip hochladen?
ist über 320000 zeichen lang.....1700 Fehler bereinigt...

emus77 · 19.01.2017, 20:26

siehe Anhang

emus77 · 19.01.2017, 20:32

adwcleaner.txt:

Code:

ATTFilter

# AdwCleaner v6.042 - Bericht erstellt am 19/01/2017 um 20:27:44
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-18.1 [Lokal]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Klaus - KLAUS-PC
# Gestartet von : C:\Users\Klaus\Desktop\VIRUS\adwcleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

[-] Dienst gelöscht: ucdrv


***** [ Ordner ] *****



***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\UCBrowser
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\UCBrowser
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\UCBrowser


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7684 Bytes] - [03/10/2016 11:39:28]
C:\AdwCleaner\AdwCleaner[C10].txt - [1259 Bytes] - [19/01/2017 20:27:44]
C:\AdwCleaner\AdwCleaner[C2].txt - [37105 Bytes] - [17/01/2017 00:16:01]
C:\AdwCleaner\AdwCleaner[C3].txt - [2509 Bytes] - [17/01/2017 07:02:40]
C:\AdwCleaner\AdwCleaner[C4].txt - [1928 Bytes] - [17/01/2017 07:35:44]
C:\AdwCleaner\AdwCleaner[C5].txt - [2045 Bytes] - [17/01/2017 08:09:40]
C:\AdwCleaner\AdwCleaner[C6].txt - [1989 Bytes] - [17/01/2017 08:14:26]
C:\AdwCleaner\AdwCleaner[C7].txt - [2656 Bytes] - [17/01/2017 12:38:22]
C:\AdwCleaner\AdwCleaner[C8].txt - [2775 Bytes] - [18/01/2017 00:01:54]
C:\AdwCleaner\AdwCleaner[C9].txt - [3024 Bytes] - [18/01/2017 07:11:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [7114 Bytes] - [03/10/2016 11:38:44]
C:\AdwCleaner\AdwCleaner[S10].txt - [2618 Bytes] - [17/01/2017 12:15:29]
C:\AdwCleaner\AdwCleaner[S11].txt - [2691 Bytes] - [17/01/2017 12:37:47]
C:\AdwCleaner\AdwCleaner[S12].txt - [2853 Bytes] - [18/01/2017 00:01:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [2985 Bytes] - [18/01/2017 07:05:09]
C:\AdwCleaner\AdwCleaner[S14].txt - [3059 Bytes] - [18/01/2017 07:11:05]
C:\AdwCleaner\AdwCleaner[S15].txt - [3211 Bytes] - [19/01/2017 20:01:03]
C:\AdwCleaner\AdwCleaner[S16].txt - [3284 Bytes] - [19/01/2017 20:23:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [30181 Bytes] - [17/01/2017 00:13:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [2438 Bytes] - [17/01/2017 07:02:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [1783 Bytes] - [17/01/2017 07:20:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [1962 Bytes] - [17/01/2017 07:34:13]
C:\AdwCleaner\AdwCleaner[S5].txt - [2122 Bytes] - [17/01/2017 08:08:51]
C:\AdwCleaner\AdwCleaner[S6].txt - [2134 Bytes] - [17/01/2017 08:12:22]
C:\AdwCleaner\AdwCleaner[S7].txt - [2414 Bytes] - [17/01/2017 08:16:50]
C:\AdwCleaner\AdwCleaner[S8].txt - [2367 Bytes] - [17/01/2017 08:31:44]
C:\AdwCleaner\AdwCleaner[S9].txt - [2546 Bytes] - [17/01/2017 08:36:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C10].txt - [3167 Bytes] ##########

FRST.txt:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
durchgeführt von Klaus (Administrator) auf KLAUS-PC (19-01-2017 20:30:26)
Gestartet von C:\Users\Klaus\Desktop\VIRUS
Geladene Profile: Klaus (Verfügbare Profile: Klaus & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Telegram Messenger LLP) C:\Users\Klaus\AppData\Roaming\Telegram Desktop\Telegram.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [384064 2014-03-19] (Acronis)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650496 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863488 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2006-11-17] (AMD)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\...\Policies\Explorer: [DisableThumbsDBOnNetworkFolders] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4526424 2015-08-06] (Disc Soft Ltd)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [WAZPWNA0WB] => "C:\Program Files\JVQNZCTGG9\JVQNZCTGG.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [E21ZCY697U] => "C:\Program Files\Z2VMR9RVMX\Z2VMR9RVM.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {4d4af7b6-d30d-11e6-9acd-002522d4b04c} - "G:\setup.exe" /autorun
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {fbd5b57f-5a35-11e6-99d3-002522d4b04c} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Keine Datei
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2017-01-19]
ShortcutTarget: Telegram.lnk -> C:\Users\Klaus\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5ecc38dd-75fd-462e-a8e4-3278545d01d7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5ecc38dd-75fd-462e-a8e4-3278545d01d7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{aa7eb822-2bd5-4f14-b88e-d82ac5d3879e}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cb5b2749-4c70-4856-bbb0-f845a0b654d6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cb5b2749-4c70-4856-bbb0-f845a0b654d6}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{f2d32520-817d-11e6-9f04-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f51c0850-4337-4774-8242-936afa8a7d12}: [NameServer] 8.8.8.8
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-20] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-20] (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  Keine Datei
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3767151760-3652987525-2816545776-1001 -> hxxp://go.gmx.net/tb/ie_startpage

FireFox:
========
FF DefaultProfile: 9mp86hi8.default
FF ProfilePath: C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\9mp86hi8.default [2017-01-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF Homepage: Mozilla\Firefox\Profiles\9mp86hi8.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-25] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxp://google.de/"
CHR Profile: C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-17] <==== ACHTUNG
CHR Profile: C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-19]
CHR Extension: (Google Präsentationen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-16]
CHR Extension: (Google Docs) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-16]
CHR Extension: (Google Drive) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-16]
CHR Extension: (YouTube) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-16]
CHR Extension: (Google Tabellen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Google Mail) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-16]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-19] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [99712 2015-12-04] (Alcohol Soft Development Team)
S4 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2305816 2016-04-13] (Broadcom Corporation.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-28] (Digital Wave Ltd.)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1345880 2015-08-06] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-02-19] ()
S4 ProtexisLicensing; C:\WINDOWS\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Datei ist nicht signiert]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2016-12-11] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2016-04-13] (Broadcom Corporation.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-02] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-02] (Disc Soft Ltd)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2016-02-01] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2016-02-01] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [Datei ist nicht signiert]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Datei ist nicht signiert]
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-30] (REALiX(tm))
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S4 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-25] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-30] (Realsil Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-16] () [Datei ist nicht signiert]
S3 smhwser; C:\WINDOWS\system32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [196152 2016-12-15] (Duplex Secure Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-03] ()
S3 VUSB3HUB; C:\WINDOWS\System32\drivers\ViaHub3.sys [227840 2013-12-11] (VIA Technologies, Inc.) [Datei ist nicht signiert]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhcdrv; C:\WINDOWS\System32\drivers\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-19 20:27 - 2017-01-19 20:29 - 00003254 _____ C:\Users\Klaus\Desktop\AdwCleaner.txt
2017-01-19 20:25 - 2017-01-19 20:25 - 00015118 _____ C:\Users\Klaus\Desktop\mbam.zip
2017-01-19 20:21 - 2017-01-19 20:21 - 00329745 _____ C:\Users\Klaus\Desktop\mbam.txt
2017-01-18 19:43 - 2017-01-18 19:45 - 00083916 _____ C:\TDSSKiller.3.1.0.12_18.01.2017_19.43.40_log.txt
2017-01-18 12:41 - 2017-01-18 12:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-01-18 12:40 - 2017-01-18 12:40 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-18 12:28 - 2017-01-18 12:28 - 00000000 ____D C:\Users\Klaus\Downloads\d2a536_4e9f3eff6f228
2017-01-18 12:27 - 2017-01-18 12:27 - 00143382 _____ C:\Users\Klaus\Downloads\d2a536_4e9f3eff6f228.zip
2017-01-18 08:05 - 2017-01-19 20:30 - 00000000 ____D C:\Users\Klaus\Desktop\VIRUS
2017-01-17 13:04 - 2017-01-19 19:20 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Bioshock
2017-01-17 13:04 - 2017-01-17 13:12 - 00000000 ____D C:\Users\Klaus\Documents\Bioshock
2017-01-17 12:55 - 2017-01-19 20:21 - 00001445 _____ C:\Users\Public\Desktop\BioShock.lnk
2017-01-17 12:55 - 2017-01-17 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock
2017-01-17 12:49 - 2017-01-18 12:41 - 00000000 ____D C:\Program Files (x86)\BioShock
2017-01-17 12:43 - 2017-01-17 12:43 - 00000028 _____ C:\WINDOWS\OutLog.txt
2017-01-17 12:43 - 2017-01-17 12:43 - 00000000 _____ C:\WINDOWS\BcdLog.txt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000161 _____ C:\WINDOWS\system32\autopart.opt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000000 ____D C:\WINDOWS\Acronis
2017-01-17 12:39 - 2014-03-19 22:40 - 15031616 _____ (Acronis) C:\WINDOWS\system32\autopart.exe
2017-01-17 08:52 - 2017-01-17 08:52 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-17 08:46 - 2017-01-17 08:48 - 00082514 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.46.48_log.txt
2017-01-17 08:45 - 2017-01-17 12:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-17 08:45 - 2017-01-17 08:45 - 00084538 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.45.05_log.txt
2017-01-17 08:34 - 2017-01-17 08:34 - 00590056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-17 07:40 - 2017-01-19 20:30 - 00000000 ____D C:\FRST
2017-01-17 07:36 - 2017-01-19 20:19 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-01-17 07:36 - 2017-01-19 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2017-01-17 07:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-17 07:35 - 2017-01-17 07:35 - 00000008 __RSH C:\Users\Klaus\ntuser.pol
2017-01-17 00:05 - 2017-01-19 20:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 00:04 - 2017-01-17 00:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOShared
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOPrivate
2017-01-16 23:34 - 2017-01-16 23:42 - 00000000 ____D C:\ProgramData\ProductData
2017-01-16 23:06 - 2017-01-16 23:06 - 00003272 _____ C:\WINDOWS\System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240}
2017-01-16 23:04 - 2017-01-16 23:04 - 00000000 ____D C:\Users\Klaus\AppData\Local\AdvinstAnalytics
2017-01-16 22:56 - 2017-01-16 23:39 - 00000474 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-01-16 22:56 - 2017-01-16 22:56 - 00003492 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-01-16 22:56 - 2017-01-16 22:56 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-01-16 22:55 - 2017-01-17 00:12 - 00000000 ____D C:\Program Files (x86)\Phikaty Nodifier
2017-01-16 22:55 - 2017-01-16 23:28 - 00000000 ____D C:\Program Files\xxx
2017-01-16 22:55 - 2017-01-16 23:17 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-16 22:55 - 2017-01-16 23:05 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avira
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avg
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-16 22:54 - 2017-01-17 08:46 - 00000000 ____D C:\Program Files\JVQNZCTGG9
2017-01-16 22:54 - 2017-01-16 22:54 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\Documents\BioshockHD
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\BioshockHD
2017-01-14 18:25 - 2017-01-14 18:25 - 00000000 ____D C:\ProgramData\Acronis
2017-01-14 18:24 - 2017-01-14 18:24 - 00276256 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00118560 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-01-14 18:24 - 2017-01-14 18:24 - 00000000 ____D C:\Program Files (x86)\Acronis
2017-01-14 18:14 - 2017-01-14 18:14 - 03901144 _____ (AVM GmbH) C:\Users\Klaus\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906.exe
2017-01-14 12:54 - 2017-01-14 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.0
2017-01-14 12:54 - 2014-04-04 00:42 - 03382440 _____ C:\WINDOWS\system32\BootMan.exe
2017-01-14 12:54 - 2014-04-04 00:25 - 02499752 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00100936 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00087112 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00019840 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00017480 _____ C:\WINDOWS\system32\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00016256 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00014920 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009800 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009160 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2017-01-12 19:28 - 2017-01-12 19:28 - 02834619 _____ C:\WINDOWS\32e353b0a289955e4d2d0dbcc5632256.exe
2017-01-11 21:44 - 2017-01-11 21:45 - 00001996 _____ C:\Users\Klaus\Desktop\Neues Textdokument.txt
2017-01-11 21:40 - 2017-01-11 21:40 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-11 17:29 - 2017-01-16 22:54 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:29 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:29 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:29 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:29 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:29 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:29 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:29 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:29 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:29 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:29 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:29 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:29 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:29 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:29 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:29 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:29 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:29 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:29 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:29 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:29 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:29 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:29 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:29 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:29 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:29 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:29 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:29 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:29 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:29 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:29 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:29 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:29 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 17:28 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:28 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:28 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-11 17:28 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:28 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:28 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:28 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:28 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:28 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:28 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:28 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:28 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:28 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:28 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:28 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:28 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:28 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:28 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:28 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:28 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:28 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:28 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:28 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:28 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:28 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 17:28 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 17:28 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:28 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:28 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:28 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:28 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:28 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:28 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:28 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:28 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:28 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:28 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:28 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:28 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 22:15 - 2017-01-09 22:15 - 00000000 ____D C:\Users\Klaus\AppData\Local\Ndemic Creations
2017-01-09 22:04 - 2017-01-19 20:21 - 00001224 _____ C:\Users\Public\Desktop\Plague Inc Evolved.lnk
2017-01-09 22:04 - 2017-01-09 22:14 - 00000000 ____D C:\Program Files (x86)\Plague Inc Evolved
2017-01-09 22:04 - 2017-01-09 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plague Inc Evolved
2017-01-08 16:46 - 2017-01-08 16:46 - 00000000 ____D C:\Users\Klaus\Documents\CPY_SAVES
2017-01-07 00:09 - 2017-01-07 00:09 - 01065376 _____ (Google Inc.) C:\Users\Klaus\Downloads\ChromeSetup.exe
2017-01-06 04:49 - 2017-01-06 04:49 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\SmartSteamEmu
2017-01-05 22:29 - 2017-01-05 22:29 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Microsoft Games
2017-01-05 22:16 - 2017-01-05 22:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\DAEMON Tools Ultra
2017-01-05 22:16 - 2017-01-05 22:18 - 00000000 ____D C:\Program Files\DAEMON Tools Ultra
2017-01-05 22:16 - 2017-01-05 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2017-01-05 22:15 - 2017-01-05 22:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2017-01-04 14:10 - 2003-04-19 00:29 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4a.dll
2017-01-04 14:09 - 2017-01-04 19:34 - 00000604 _____ C:\WINDOWS\Edofma.INI
2017-01-03 18:16 - 2017-01-03 18:16 - 53933348 _____ C:\Users\Klaus\Downloads\hv335t_flash_v2.3.zip
2017-01-03 17:52 - 2017-01-19 11:03 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\vlc
2017-01-03 17:49 - 2017-01-03 17:50 - 30533688 _____ C:\Users\Klaus\Downloads\vlc-2.2.4-win32.exe
2017-01-02 18:49 - 2017-01-02 18:49 - 00196497 _____ C:\Users\Klaus\Downloads\DHL_label_2017-1-2_18-49-7.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00061314 _____ C:\Users\Klaus\Downloads\2530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032955.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049871 _____ C:\Users\Klaus\Downloads\302530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032951.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049643 _____ C:\Users\Klaus\Downloads\402530333_2016_Nr.004_Kontoauszug_vom_31.12.2016_20170102032942.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049388 _____ C:\Users\Klaus\Downloads\102530333_2016_Nr.010_Kontoauszug_vom_31.12.2016_20170102032946.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00046885 _____ C:\Users\Klaus\Downloads\302530333_2016_Mitteilung_vom_31.10.2016_20170102032948.pdf
2016-12-31 11:10 - 2016-12-31 11:10 - 00196914 _____ C:\Users\Klaus\Downloads\DHL_label_2016-12-31_11-10-49.pdf
2016-12-25 06:39 - 2016-12-25 06:39 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03474392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-19 20:28 - 2016-09-23 11:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-19 20:28 - 2015-10-21 15:43 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Telegram Desktop
2017-01-19 20:27 - 2016-10-03 11:37 - 00000000 ____D C:\AdwCleaner
2017-01-19 20:27 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-19 20:24 - 2016-09-23 11:10 - 11829672 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-19 20:24 - 2016-07-16 23:51 - 06022108 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-19 20:24 - 2016-07-16 23:51 - 01690250 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-19 20:21 - 2016-11-17 21:28 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-01-19 20:21 - 2016-11-12 23:43 - 00001856 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-19 20:21 - 2016-11-04 19:23 - 00002045 _____ C:\Users\Public\Desktop\Medal of Honor.lnk
2017-01-19 20:21 - 2016-09-23 11:19 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-19 20:21 - 2016-08-04 20:03 - 00001817 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-19 20:21 - 2015-11-21 12:51 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2017-01-19 20:21 - 2015-11-01 16:35 - 00001266 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2017-01-19 20:21 - 2015-10-24 16:06 - 00002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-19 20:21 - 2015-10-24 13:59 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-01-19 20:21 - 2015-10-24 13:59 - 00001329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-01-19 20:21 - 2015-10-24 13:58 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2017-01-19 20:21 - 2015-10-24 13:56 - 00001282 _____ C:\Users\Public\Desktop\WinOptimizer.lnk
2017-01-19 20:21 - 2015-10-24 09:54 - 00001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2017-01-19 20:21 - 2015-10-24 09:53 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2017-01-19 20:21 - 2015-10-24 09:51 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2017-01-19 20:21 - 2015-10-19 14:56 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-19 20:20 - 2016-11-04 19:04 - 00001099 _____ C:\Users\Klaus\Desktop\Call of Duty.lnk
2017-01-19 20:20 - 2016-07-29 21:03 - 00001264 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
2017-01-19 20:20 - 2016-07-24 22:48 - 00001970 _____ C:\Users\Klaus\Desktop\UseNeXT.lnk
2017-01-19 20:20 - 2016-03-19 17:43 - 00002433 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 20:20 - 2016-03-19 17:42 - 00001091 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2017-01-19 20:18 - 2016-09-23 11:11 - 00000000 ____D C:\Users\Klaus
2017-01-19 20:18 - 2015-10-24 17:52 - 00000000 ____D C:\Users\Klaus\AppData\Local\JDownloader v2.0
2017-01-19 19:33 - 2016-09-23 11:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-19 19:20 - 2016-05-03 11:08 - 00000000 ____D C:\Users\Klaus\AppData\Local\CrashDumps
2017-01-19 18:46 - 2016-10-12 14:48 - 00000000 ____D C:\Users\Klaus\Downloads\Telegram Desktop
2017-01-18 23:10 - 2015-10-18 16:26 - 00000000 ____D C:\Users\Klaus\Desktop\ABLAGE
2017-01-18 12:40 - 2015-11-30 22:54 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2017-01-17 23:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-17 08:32 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-17 08:32 - 2015-11-01 16:35 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Disk Cleaner
2017-01-17 07:34 - 2016-10-03 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 07:27 - 2016-10-03 19:22 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-17 00:12 - 2016-09-23 18:06 - 00000000 ____D C:\ProgramData\Ashampoo
2017-01-16 23:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-16 23:12 - 2016-07-09 06:00 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Euask
2017-01-16 23:11 - 2016-02-19 13:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Anvsoft
2017-01-16 23:11 - 2015-11-26 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2017-01-16 22:55 - 2016-11-04 19:03 - 00000000 ____D C:\Program Files (x86)\Call of Duty
2017-01-16 22:55 - 2016-09-09 11:48 - 00000000 ____D C:\Program Files (x86)\Digiarty
2017-01-16 22:55 - 2016-03-21 17:13 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-01-14 12:54 - 2016-06-01 21:17 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-01-14 11:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 07:16 - 2016-01-23 17:17 - 00000000 ____D C:\Users\Klaus\Documents\UseNeXT
2017-01-13 07:16 - 2015-10-24 17:48 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\UseNeXT
2017-01-12 22:21 - 2015-11-26 23:25 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2017-01-12 22:17 - 2016-01-16 00:34 - 00000000 ____D C:\Users\Klaus\Documents\My Games
2017-01-11 21:40 - 2016-09-23 11:11 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-11 21:18 - 2015-11-11 07:12 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\dvdcss
2017-01-11 21:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-11 21:06 - 2016-02-13 18:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 19:28 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 19:22 - 2015-10-19 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 19:20 - 2015-10-19 10:00 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-07 08:47 - 2015-12-01 21:54 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-07 08:47 - 2015-10-24 13:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-07 00:20 - 2016-09-23 11:24 - 00004074 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-07 00:20 - 2015-10-24 10:11 - 00000000 ____D C:\Users\Klaus\AppData\Local\Adobe
2017-01-06 05:36 - 2015-10-24 09:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-06 05:34 - 2016-12-16 13:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-01-05 11:59 - 2016-03-07 23:45 - 00000000 ____D C:\Users\Klaus\AppData\Local\ElevatedDiagnostics
2017-01-04 07:30 - 2016-04-23 23:34 - 00000000 ____D C:\Program Files (x86)\posterXXL Designer
2017-01-03 17:51 - 2015-10-24 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-29 18:07 - 2016-12-13 15:18 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-25 06:39 - 2016-08-02 22:52 - 00042286 _____ C:\WINDOWS\system32\nvinfo.pb
2016-12-24 14:56 - 2015-10-24 09:43 - 00000000 ____D C:\Users\Klaus\AppData\Local\VirtualStore
2016-12-23 00:13 - 2016-10-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-10-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 12:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\drivers
2016-12-21 12:12 - 2016-07-16 12:47 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-21 10:54 - 2015-10-24 18:36 - 00389396 __RSH C:\bootmgr

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-01 06:23 - 2016-09-01 06:28 - 0020520 _____ () C:\Program Files (x86)\init.dat
2016-09-23 18:08 - 2016-09-23 19:35 - 0003584 _____ () C:\Users\Klaus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-15 21:10 - 2016-09-10 17:47 - 0007627 _____ () C:\Users\Klaus\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-19 13:04

==================== Ende von FRST.txt ============================

emus77 · 19.01.2017, 20:34

Addition.txt:

Code:

ATTFilter

ZusÃ¤tzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-01-2017
durchgefÃ¼hrt von Klaus (19-01-2017 20:31:30)
Gestartet von C:\Users\Klaus\Desktop\VIRUS
Windows 10 Pro Version 1607 (X64) (2016-09-23 10:25:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3767151760-3652987525-2816545776-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3767151760-3652987525-2816545776-503 - Limited - Disabled)
Gast (S-1-5-21-3767151760-3652987525-2816545776-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3767151760-3652987525-2816545776-1009 - Limited - Enabled)
Klaus (S-1-5-21-3767151760-3652987525-2816545776-1001 - Administrator - Enabled) => C:\Users\Klaus

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" kÃ¶nnen in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee (HKLM-x32\...\ACDSee) (Version:  - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
AcronisÂ*DiskÂ*DirectorÂ*12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3219 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}) (Version: 12.2.3.183 - Adobe Systems, Inc)
Amazon Drive (HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Amazon Drive) (Version: 3.6.4.65 - Amazon.com, Inc.)
Any Video Converter 5.9.1 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-Bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo WinOptimizer 2015 (HKLM-x32\...\{4209F371-3276-A8F7-B851-845A83732AB4}_is1) (Version: 11.00.60 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.9.0000 - Asmedia Technology)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ATI Catalyst Install Manager (HKLM\...\{4044201A-8576-2999-1166-96C5593F3CFF}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
BioShock Version 1.1 (HKLM-x32\...\{4AA8D978-38C1-475B-936C-C79143624B61}_is1) (Version: 1.1 - 2K Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - )
Call of Juarez - Bound in Blood (x32 Version: 1.01.0000 - Ubisoft) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6282 - CDBurnerXP)
CorelDRAW 10 (x32 Version: 10 - Corel) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.0.0.0423 - Disc Soft Ltd)
Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
Dual-Core Optimizer (HKLM-x32\...\{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}) (Version: 1.1.1.0135 - AMD)
EaseUS Partition Master 10.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion ThÃ¼ringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.63.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.78.328 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 8.4 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.3.16 - IObit)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{328343FF-0466-4E8D-88EB-53CE3150AE11}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 3) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 4) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 5) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 6) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Individuelle MenÃ¼vorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (MenÃ¼vorlagen 1) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (MenÃ¼vorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Chromatic Glow) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Knoll Light Factory) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Retrograde) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Designelemente) (HKLM\...\MX.{67025742-42D8-4E8D-92BF-3C001AA7C645}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (HKLM\...\MX.{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Individuelle MenÃ¼vorlagen) (HKLM\...\MX.{33AFBCF9-0338-494D-BAFD-1367B5BD5A30}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Individuelle MenÃ¼vorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 1) (HKLM\...\MX.{8BCE1A1B-3EB0-4DCB-8C9F-6D235CA493FC}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 1) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 2) (HKLM\...\MX.{7D42CCF5-305C-49E7-9828-D89C05AEA82D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\MX.{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Ãœberblendeffekte) (HKLM\...\MX.{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Ãœberblendeffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Version: 15.0.0.62 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (Version: 15.0.0.102 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vÃ©rification linguistique 2016 de Microsoft OfficeÂ*- FranÃ§ais (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PixelNet - Meine Bilderwelt (HKLM-x32\...\PixelNet - Meine Bilderwelt) (Version: 5.1.1. - ORWO Net)
Plague Inc Evolved MULTi14 - ElAmigos Version 1.13.0 (HKLM-x32\...\{BDF7DD42-37BE-43A2-8F9C-44EE65466076}_is1) (Version: 1.13.0 - Ndemic Creations)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
posterXXL Designer 5.3 (HKLM-x32\...\posterXXL Designer_is1) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Telegram Desktop version 1.0.2 (HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VIA Plattform-GerÃ¤te-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinX DVD Author 6.3.7 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Wise Disk Cleaner 9.33 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.33 - WiseCleaner.com, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03C207F9-0233-4110-BA44-AEFF503E8BE4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0968ECFD-0C3D-4AB4-AF1E-D7A5FF3574AA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-02-28] ()
Task: {0CB631FF-F9FB-4806-913B-FE54BD7E5EA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {138FAEB9-0784-41CE-9A7B-878E7CA373C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1DA697D9-89AD-440E-A3F6-FD7C86DDC35F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-11-30] (IObit)
Task: {35AC1427-5FD0-485B-9625-9CB83B3359C1} - System32\Tasks\{7AEF934D-1A17-4F57-9438-37B70C108C66} => pcalua.exe -a C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {35FC097A-789D-4CE9-8D09-82C25A48E151} - System32\Tasks\Uninstaller_SkipUac_Klaus => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-10-10] (IObit)
Task: {37DC5A61-C110-4E74-B4B0-D263F3684162} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {3B2ADB35-FB27-4BAE-86E4-BC21E4145521} - System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240} => pcalua.exe -a "C:\Program Files\Common Files\Noobzo\GNUpdate\smUninstall.exe"
Task: {447BF8BB-4F3C-4067-8F63-C3A6E29D4AAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4AEB58E8-9CB5-4BD6-81E2-113BD4331F65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {57187ACC-7BB3-4107-83E1-7FDF5368CDDB} - System32\Tasks\Driver Booster SkipUAC (Klaus) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-12-22] (IObit)
Task: {58F35C51-A384-4FC8-9CC6-1CF4C78FB5D8} - System32\Tasks\EPSON WF-2650 Series Update {FABA556B-21FB-403E-BD42-FC2114FBE22C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {6BDCDC22-8C69-47C1-87C7-6E860FA22301} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {76F28C59-93B6-4B5C-ADB1-3C3B2F5D2859} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-07] (Adobe Systems Incorporated)
Task: {7F8FEB6C-B918-4F6B-9F00-8C36B1212D96} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {81A36ACB-9807-4079-A598-809FD76EAE45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {82E95715-2A71-468E-9B9A-EA9C77B6F9EE} - System32\Tasks\EPSON WF-2650 Series Update {C0112A23-007B-432D-8F6F-FA9503CCCA9F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {8A4766DC-4F02-4991-A7B8-94EE466D391E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {8DF83C56-B2B3-4E6C-9984-AEED37A506E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {8FF7DD45-60E6-4C0F-B94E-24A8B06A93CC} - System32\Tasks\EPSON WF-2650 Series Update {AC41C320-182E-4D3E-911E-AAF704407DDD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {920CE08C-A63E-494B-961E-24BBFBB0BC02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {96A99528-20FD-40E9-9C9A-08096A741B8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {A80FE49A-8B8E-43EC-AB39-5E7C56B67631} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {ABAE8372-07A9-4063-8CFD-17C97D045E80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B7BD77F3-25B3-431E-BD0F-185BCAAD1947} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2017-01-07] (Adobe Systems Incorporated)
Task: {BEC69237-488D-43A6-884F-AB10CA1CAAE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C27FEDD3-26A3-49CB-9EAC-07164D89F29E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {C35785DD-0B93-442F-82DD-9CBB21661F3D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {C7878158-87A8-4A5A-8F53-341276F6F97F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {E1CD8A5F-15A3-42F0-A4BD-E88E43DC4D02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {E40EA82D-9B0E-47B8-BAF5-F6B3B410419E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FBE53766-6AA7-4260-8317-0D5BE43C1DC0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {AC41C320-182E-4D3E-911E-AAF704407DDD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{AC41C320-182E-4D3E-911E-AAF704407DDD} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {C0112A23-007B-432D-8F6F-FA9503CCCA9F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{C0112A23-007B-432D-8F6F-FA9503CCCA9F} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {FABA556B-21FB-403E-BD42-FC2114FBE22C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{FABA556B-21FB-403E-BD42-FC2114FBE22C} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Klaus.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== VerknÃ¼pfungen =============================

(Die EintrÃ¤ge kÃ¶nnen gelistet werden, um sie zurÃ¼ckzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 04:56 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-15 04:56 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 11:27 - 2016-09-23 11:27 - 00959168 _____ () C:\Users\Klaus\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-23 12:03 - 2016-09-23 12:03 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 17:28 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 17:28 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-07 00:09 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-07 00:09 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-09-30 05:29 - 2016-09-15 18:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-09-23 12:03 - 2016-09-23 12:03 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-12-08 06:05 - 2016-12-08 06:05 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2016-12-08 06:05 - 2016-12-08 06:05 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2015-10-24 10:01 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98752971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98752971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== VerknÃ¼pfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurÃ¼ckgesetzt oder entfernt.)

HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer VertrauenswÃ¼rdig/EingeschrÃ¤nkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benÃ¶tigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurÃ¼ckzusetzen.)

2016-05-20 08:20 - 2017-01-16 23:01 - 00003733 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix fÃ¼r diesen Bereich.)

HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte EintrÃ¤ge ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Corel Reminder => "C:\Program Files (x86)\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files (x86)\Corel\Graphics10\Register\NavLoad.ini"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Windows Mobile-based device management"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "XFastUsb"
HKLM\...\StartupApproved\Run32: => "CloneCDTray"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\StartupFolder: => "svchost.com.url"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "K6340MJR5Y"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "NBBI93937N"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "E21ZCY697U"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "WAZPWNA0WB"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "AlcoholAutomount"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{7117C2F5-28E3-4682-8869-55FBDACB7FEC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{977C23AA-7AB0-4B04-A70B-8C9C5B1997E5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{25CE0E4C-24C7-4446-B66A-FAC5E1A2E201}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{43DFFE8B-4625-4704-A885-66A878F4E936}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{517C9FA1-579D-42B6-A784-15003BB15AAA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9789DE8E-68C2-476F-8D8C-92F231816F01}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F661733F-5924-473D-9EA5-1B8E6626EA1B}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{E4893C5B-B7B9-4173-A2A5-7A4871E17F05}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{ACF42FD7-B18D-4269-8E85-CF80BBC9DDCC}C:\program files\itunes\itunes.exe] => C:\program files\itunes\itunes.exe
FirewallRules: [{D987DCBD-D3A9-4954-A87F-1BDAD283D061}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{586AF745-F22D-4FA0-BB0C-439D09EBAF34}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{0F2563AF-3CE2-451B-A314-15725F423CBF}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{ED9F1030-E647-4688-9022-A940F34436AA}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C7BB1319-7011-48C7-9231-B4F22656608D}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{F4670494-2AF9-48B8-97F3-6938B9FD5502}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{9F924D5E-211D-4038-ABBE-5A2EB3C047F9}C:\program files (x86)\ea games\mohaa\mohaa.exe] => C:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [UDP Query User{D0BF1CF8-FCF8-456A-B7EF-923913909B03}C:\program files (x86)\ea games\mohaa\mohaa.exe] => C:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [{F0EE6EC3-D1F0-4354-83A0-0AB1C63F9D4E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{514E4506-B6ED-40B4-B6AE-E8672CA018B4}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9594B8A3-E77B-4CB9-BB4A-B3CB11DC1342}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D2C02EC3-2F03-46A9-8B12-7EAA064BCB11}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8333ED40-B6D1-4B31-8610-ACD78A878248}] => C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{2AEC24B7-FCCB-4EAA-83A2-6A2F3DFF9F7A}] => C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{F6A1296C-63A2-4700-9137-A66A8E2AED6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

16-01-2017 14:20:42 DirectX wurde installiert
16-01-2017 23:04:08 Removed Online.io Application
16-01-2017 23:07:42 Removed Online.io Application
16-01-2017 23:08:36 Removed Online.io Application
18-01-2017 12:40:43 Installed Dual-Core Optimizer

==================== Fehlerhafte GerÃ¤te im GerÃ¤temanager =============


==================== FehlereintrÃ¤ge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/19/2017 08:28:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/19 20:28:51.376]: [00001804]: Initialize TwdsMain Class failed!

Error: (01/19/2017 08:28:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/19 20:28:51.376]: [00001804]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/19/2017 08:20:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/19 20:20:23.488]: [00001528]: Initialize TwdsMain Class failed!

Error: (01/19/2017 08:20:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/19 20:20:23.488]: [00001528]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/19/2017 08:02:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts fÃ¼r "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine fÃ¼r die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/19/2017 07:59:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts fÃ¼r "C:\Users\Klaus\Desktop\VIRUS\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine fÃ¼r die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/19/2017 07:20:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Name des fehlerhaften Moduls: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0055f825
ID des fehlerhaften Prozesses: 0x1200
Startzeit der fehlerhaften Anwendung: 0x01d2727c6495b555
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Berichtskennung: aa691369-1b29-417c-a145-d2cf3287d946
VollstÃ¤ndiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/19/2017 10:14:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Name des fehlerhaften Moduls: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0055f825
ID des fehlerhaften Prozesses: 0x15e0
Startzeit der fehlerhaften Anwendung: 0x01d27229627411f6
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Berichtskennung: f7e02c7a-77a6-4990-93f3-d6c36188f67d
VollstÃ¤ndiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/19/2017 07:37:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Name des fehlerhaften Moduls: Bioshock.exe, Version: 1.0.0.0, Zeitstempel: 0x49baa642
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0055f825
ID des fehlerhaften Prozesses: 0x19f0
Startzeit der fehlerhaften Anwendung: 0x01d272191c9bafa7
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\BioShock\Builds\Release\Bioshock.exe
Berichtskennung: 23bc8b5f-2d3d-4b7f-a735-5d053e44bbfc
VollstÃ¤ndiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/19/2017 05:14:46 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


Systemfehler:
=============
Error: (01/19/2017 08:28:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhÃ¤ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten GerÃ¤ten verbunden.

Error: (01/19/2017 08:27:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 30000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/19/2017 08:27:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/19/2017 08:27:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/19/2017 08:27:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/19/2017 08:27:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Disc Soft Ultra Bus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/19/2017 08:27:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 30000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/19/2017 08:27:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/19/2017 08:27:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 120000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/19/2017 08:27:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EPSON V3 Service4(06)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-01-18 20:06:22.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-18 06:04:18.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-18 06:04:18.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-17 19:57:17.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.597
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 840 Processor
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 8191.3 MB
Verfügbarer physikalischer RAM: 6359.13 MB
Summe virtueller Speicher: 24191.3 MB
Verfügbarer virtueller Speicher: 22301.7 MB

==================== Laufwerke ================================

Drive c: (SYSTEM) (Fixed) (Total:111.35 GB) (Free:42.91 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (PRIVAT) (Fixed) (Total:931.51 GB) (Free:337.51 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6A6D4800)
Partition 1: (Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1E364A96)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

so, alles da

burningice · 21.01.2017, 13:54

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

closeprocesses:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\...\Policies\Explorer: [DisableThumbsDBOnNetworkFolders] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [WAZPWNA0WB] => "C:\Program Files\JVQNZCTGG9\JVQNZCTGG.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [E21ZCY697U] => "C:\Program Files\Z2VMR9RVMX\Z2VMR9RVM.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {4d4af7b6-d30d-11e6-9acd-002522d4b04c} - "G:\setup.exe" /autorun
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {fbd5b57f-5a35-11e6-99d3-002522d4b04c} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Keine Datei
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF Homepage: Mozilla\Firefox\Profiles\9mp86hi8.default -> hxxps://www.malwarebytes.org/restorebrowser/
CHR Profile: C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-17] <==== ACHTUNG
2017-01-16 23:06 - 2017-01-16 23:06 - 00003272 _____ C:\WINDOWS\System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240}
2017-01-16 23:04 - 2017-01-16 23:04 - 00000000 ____D C:\Users\Klaus\AppData\Local\AdvinstAnalytics
2017-01-16 22:56 - 2017-01-16 23:39 - 00000474 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-01-16 22:56 - 2017-01-16 22:56 - 00003492 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-01-16 22:56 - 2017-01-16 22:56 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-01-16 22:55 - 2017-01-17 00:12 - 00000000 ____D C:\Program Files (x86)\Phikaty Nodifier
2017-01-16 22:55 - 2017-01-16 23:28 - 00000000 ____D C:\Program Files\xxx
2017-01-16 22:55 - 2017-01-16 23:17 - 00000000 ____D C:\Program Files (x86)\UCBrowser
cmd: dir C:\WINDOWS\system32\SSL
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avira
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avg
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-16 22:54 - 2017-01-17 08:46 - 00000000 ____D C:\Program Files\JVQNZCTGG9
cmd: dir C:\WINDOWS\system32\sstmp
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
file: C:\WINDOWS\32e353b0a289955e4d2d0dbcc5632256.exe
Task: {35AC1427-5FD0-485B-9625-9CB83B3359C1} - System32\Tasks\{7AEF934D-1A17-4F57-9438-37B70C108C66} => pcalua.exe -a C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {3B2ADB35-FB27-4BAE-86E4-BC21E4145521} - System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240} => pcalua.exe -a "C:\Program Files\Common Files\Noobzo\GNUpdate\smUninstall.exe"
Task: {447BF8BB-4F3C-4067-8F63-C3A6E29D4AAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4AEB58E8-9CB5-4BD6-81E2-113BD4331F65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {6BDCDC22-8C69-47C1-87C7-6E860FA22301} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {96A99528-20FD-40E9-9C9A-08096A741B8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {A80FE49A-8B8E-43EC-AB39-5E7C56B67631} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {ABAE8372-07A9-4063-8CFD-17C97D045E80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {C35785DD-0B93-442F-82DD-9CBB21661F3D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {C7878158-87A8-4A5A-8F53-341276F6F97F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {E1CD8A5F-15A3-42F0-A4BD-E88E43DC4D02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {E40EA82D-9B0E-47B8-BAF5-F6B3B410419E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FBE53766-6AA7-4260-8317-0D5BE43C1DC0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ACHTUNG
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98752971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98752971.sys => ""="Driver"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Classes\.exe:  =>  <===== ACHTUNG
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\StartupFolder: => "svchost.com.url"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "K6340MJR5Y"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "NBBI93937N"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "E21ZCY697U"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "WAZPWNA0WB"

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt:2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

emus77 · 21.01.2017, 14:04

Fixlog.txt:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-01-2017
durchgeführt von Klaus (21-01-2017 13:59:23) Run:1
Gestartet von C:\Users\Klaus\Desktop\VIRUS
Geladene Profile: Klaus (Verfügbare Profile: Klaus & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
closeprocesses:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\...\Policies\Explorer: [DisableThumbsDBOnNetworkFolders] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [WAZPWNA0WB] => "C:\Program Files\JVQNZCTGG9\JVQNZCTGG.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [E21ZCY697U] => "C:\Program Files\Z2VMR9RVMX\Z2VMR9RVM.exe"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {4d4af7b6-d30d-11e6-9acd-002522d4b04c} - "G:\setup.exe" /autorun
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\MountPoints2: {fbd5b57f-5a35-11e6-99d3-002522d4b04c} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Keine Datei
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9mp86hi8.default -> trotux
FF Homepage: Mozilla\Firefox\Profiles\9mp86hi8.default -> hxxps://www.malwarebytes.org/restorebrowser/
CHR Profile: C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-17] <==== ACHTUNG
2017-01-16 23:06 - 2017-01-16 23:06 - 00003272 _____ C:\WINDOWS\System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240}
2017-01-16 23:04 - 2017-01-16 23:04 - 00000000 ____D C:\Users\Klaus\AppData\Local\AdvinstAnalytics
2017-01-16 22:56 - 2017-01-16 23:39 - 00000474 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-01-16 22:56 - 2017-01-16 22:56 - 00003492 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-01-16 22:56 - 2017-01-16 22:56 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-01-16 22:55 - 2017-01-17 00:12 - 00000000 ____D C:\Program Files (x86)\Phikaty Nodifier
2017-01-16 22:55 - 2017-01-16 23:28 - 00000000 ____D C:\Program Files\xxx
2017-01-16 22:55 - 2017-01-16 23:17 - 00000000 ____D C:\Program Files (x86)\UCBrowser
cmd: dir C:\WINDOWS\system32\SSL
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avira
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\Avg
2017-01-16 22:55 - 2017-01-16 22:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-16 22:54 - 2017-01-17 08:46 - 00000000 ____D C:\Program Files\JVQNZCTGG9
cmd: dir C:\WINDOWS\system32\sstmp
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-16 22:53 - 2017-01-16 22:53 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
file: C:\WINDOWS\32e353b0a289955e4d2d0dbcc5632256.exe
Task: {35AC1427-5FD0-485B-9625-9CB83B3359C1} - System32\Tasks\{7AEF934D-1A17-4F57-9438-37B70C108C66} => pcalua.exe -a C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\Klaus\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {3B2ADB35-FB27-4BAE-86E4-BC21E4145521} - System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240} => pcalua.exe -a "C:\Program Files\Common Files\Noobzo\GNUpdate\smUninstall.exe"
Task: {447BF8BB-4F3C-4067-8F63-C3A6E29D4AAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4AEB58E8-9CB5-4BD6-81E2-113BD4331F65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {6BDCDC22-8C69-47C1-87C7-6E860FA22301} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {96A99528-20FD-40E9-9C9A-08096A741B8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {A80FE49A-8B8E-43EC-AB39-5E7C56B67631} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {ABAE8372-07A9-4063-8CFD-17C97D045E80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {C35785DD-0B93-442F-82DD-9CBB21661F3D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {C7878158-87A8-4A5A-8F53-341276F6F97F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {E1CD8A5F-15A3-42F0-A4BD-E88E43DC4D02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {E40EA82D-9B0E-47B8-BAF5-F6B3B410419E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FBE53766-6AA7-4260-8317-0D5BE43C1DC0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ACHTUNG
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98752971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98752971.sys => ""="Driver"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Classes\.exe:  =>  <===== ACHTUNG
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\StartupFolder: => "svchost.com.url"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "K6340MJR5Y"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "NBBI93937N"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "E21ZCY697U"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "WAZPWNA0WB"

emptytemp:
         
*****************

Prozesse erfolgreich geschlossen.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableThumbsDBOnNetworkFolders => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WAZPWNA0WB => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Windows\CurrentVersion\Run\\E21ZCY697U => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d4af7b6-d30d-11e6-9acd-002522d4b04c} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{4d4af7b6-d30d-11e6-9acd-002522d4b04c} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbd5b57f-5a35-11e6-99d3-002522d4b04c} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{fbd5b57f-5a35-11e6-99d3-002522d4b04c} => Schlüssel nicht gefunden. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => Schlüssel erfolgreich entfernt
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => Schlüssel nicht gefunden. 
Firefox DefaultSearchEngine erfolgreich entfernt
Firefox SelectedSearchEngine erfolgreich entfernt
Firefox "homepage" erfolgreich entfernt
C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => erfolgreich verschoben
C:\WINDOWS\System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240} => erfolgreich verschoben
C:\Users\Klaus\AppData\Local\AdvinstAnalytics => erfolgreich verschoben
C:\WINDOWS\Tasks\UCBrowserUpdater.job => erfolgreich verschoben
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => erfolgreich verschoben
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => erfolgreich verschoben
C:\Program Files (x86)\Phikaty Nodifier => erfolgreich verschoben
C:\Program Files\xxx => erfolgreich verschoben

"C:\Program Files (x86)\UCBrowser" Ordner verschieben:

Konnte nicht verschoben werden "C:\Program Files (x86)\UCBrowser" => ist geplant bei Neustart verschoben zu werden.


========= dir C:\WINDOWS\system32\SSL =========

 Datentr„ger in Laufwerk C: ist SYSTEM
 Volumeseriennummer: B952-FAA5

 Verzeichnis von C:\WINDOWS\system32\SSL

16.01.2017  23:05    <DIR>          .
16.01.2017  23:05    <DIR>          ..
               0 Datei(en),              0 Bytes
               2 Verzeichnis(se), 44.624.814.080 Bytes frei

========= Ende von CMD: =========

C:\ProgramData\Avira => erfolgreich verschoben
C:\ProgramData\Avg => erfolgreich verschoben
C:\ProgramData\AVAST Software => erfolgreich verschoben
C:\Program Files\JVQNZCTGG9 => erfolgreich verschoben

========= dir C:\WINDOWS\system32\sstmp =========

 Datentr„ger in Laufwerk C: ist SYSTEM
 Volumeseriennummer: B952-FAA5

 Verzeichnis von C:\WINDOWS\system32\sstmp

16.01.2017  22:54    <DIR>          .
16.01.2017  22:54    <DIR>          ..
               0 Datei(en),              0 Bytes
               2 Verzeichnis(se), 44.624.809.984 Bytes frei

========= Ende von CMD: =========

C:\Users\Default\AppData\Local\AdvinstAnalytics => erfolgreich verschoben
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => nicht gefunden.

========================= file: C:\WINDOWS\32e353b0a289955e4d2d0dbcc5632256.exe ========================

Datei ist nicht signiert
MD5: 20A63D40CC00892670B193D4CFCDD07E
Erstellungs- und Änderungsdatum: 2017-01-12 19:28 - 2017-01-12 19:28
Größe: 2834619
Attribute: ----A
Firmenname: 
Interne Name: 
Original Name: 
Produkt: 
Beschreibung: 
Datei Version: 
Produkt Version: 
Urheberrecht: 

====== Ende von File: ======

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35AC1427-5FD0-485B-9625-9CB83B3359C1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35AC1427-5FD0-485B-9625-9CB83B3359C1} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{7AEF934D-1A17-4F57-9438-37B70C108C66} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AEF934D-1A17-4F57-9438-37B70C108C66} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B2ADB35-FB27-4BAE-86E4-BC21E4145521} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B2ADB35-FB27-4BAE-86E4-BC21E4145521} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{E1F06918-E97A-4DB0-A704-7E6795236240} => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E1F06918-E97A-4DB0-A704-7E6795236240} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{447BF8BB-4F3C-4067-8F63-C3A6E29D4AAB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447BF8BB-4F3C-4067-8F63-C3A6E29D4AAB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AEB58E8-9CB5-4BD6-81E2-113BD4331F65} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AEB58E8-9CB5-4BD6-81E2-113BD4331F65} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BDCDC22-8C69-47C1-87C7-6E860FA22301} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BDCDC22-8C69-47C1-87C7-6E860FA22301} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96A99528-20FD-40E9-9C9A-08096A741B8C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96A99528-20FD-40E9-9C9A-08096A741B8C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A80FE49A-8B8E-43EC-AB39-5E7C56B67631} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A80FE49A-8B8E-43EC-AB39-5E7C56B67631} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABAE8372-07A9-4063-8CFD-17C97D045E80} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABAE8372-07A9-4063-8CFD-17C97D045E80} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C35785DD-0B93-442F-82DD-9CBB21661F3D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C35785DD-0B93-442F-82DD-9CBB21661F3D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7878158-87A8-4A5A-8F53-341276F6F97F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7878158-87A8-4A5A-8F53-341276F6F97F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1CD8A5F-15A3-42F0-A4BD-E88E43DC4D02} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1CD8A5F-15A3-42F0-A4BD-E88E43DC4D02} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E40EA82D-9B0E-47B8-BAF5-F6B3B410419E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E40EA82D-9B0E-47B8-BAF5-F6B3B410419E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBE53766-6AA7-4260-8317-0D5BE43C1DC0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBE53766-6AA7-4260-8317-0D5BE43C1DC0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => Schlüssel erfolgreich entfernt
C:\WINDOWS\Tasks\UCBrowserUpdater.job => nicht gefunden.
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS erfolgreich entfernt.
C:\WINDOWS\system32\drivers => ":x64" ADS erfolgreich entfernt.
C:\WINDOWS\system32\drivers => ":x86" ADS erfolgreich entfernt.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\98752971.sys => Schlüssel erfolgreich entfernt
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\98752971.sys => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Classes\.exe => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\BrStsMon00 => Wert erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BrStsMon00 => Wert nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\FUFAXSTM => Wert erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FUFAXSTM => Wert erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\FUFAXRCV => Wert erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FUFAXRCV => Wert erfolgreich entfernt
C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.com.url => nicht gefunden.
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\svchost.com.url => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\K6340MJR5Y => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\K6340MJR5Y => Wert nicht gefunden.
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\NBBI93937N => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NBBI93937N => Wert nicht gefunden.
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\E21ZCY697U => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\E21ZCY697U => Wert nicht gefunden.
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WAZPWNA0WB => Wert erfolgreich entfernt
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WAZPWNA0WB => Wert nicht gefunden.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9712408 B
Java, Flash, Steam htmlcache => 815 B
Windows/system/drivers => 36712 B
Edge => 41846 B
Chrome => 755011189 B
Firefox => 6793769 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 4166498 B
Klaus => 29373461 B
DefaultAppPool => 0 B

RecycleBin => 452753 B
EmptyTemp: => 768.3 MB temporäre Dateien entfernt.

================================

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 21-01-2017 14:00:58)

"C:\Program Files (x86)\UCBrowser" => Konnte nicht verschoben werden

==== Ende vom Fixlog 14:01:01 ====

FRST.txt:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
durchgeführt von Klaus (Administrator) auf KLAUS-PC (21-01-2017 14:02:27)
Gestartet von C:\Users\Klaus\Desktop\VIRUS
Geladene Profile: Klaus (Verfügbare Profile: Klaus & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Telegram Messenger LLP) C:\Users\Klaus\AppData\Roaming\Telegram Desktop\Telegram.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [384064 2014-03-19] (Acronis)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2006-11-17] (AMD)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4526424 2015-08-06] (Disc Soft Ltd)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Policies\Explorer: [NoThumbnailCache] 1
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2017-01-19]
ShortcutTarget: Telegram.lnk -> C:\Users\Klaus\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5ecc38dd-75fd-462e-a8e4-3278545d01d7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5ecc38dd-75fd-462e-a8e4-3278545d01d7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{aa7eb822-2bd5-4f14-b88e-d82ac5d3879e}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cb5b2749-4c70-4856-bbb0-f845a0b654d6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cb5b2749-4c70-4856-bbb0-f845a0b654d6}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{f2d32520-817d-11e6-9f04-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f51c0850-4337-4774-8242-936afa8a7d12}: [NameServer] 8.8.8.8
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-20] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-20] (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  Keine Datei
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3767151760-3652987525-2816545776-1001 -> hxxp://go.gmx.net/tb/ie_startpage

FireFox:
========
FF DefaultProfile: 9mp86hi8.default
FF ProfilePath: C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\9mp86hi8.default [2017-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-25] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxp://google.de/"
CHR Profile: C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-21]
CHR Extension: (Google Präsentationen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-16]
CHR Extension: (Google Docs) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-16]
CHR Extension: (Google Drive) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-16]
CHR Extension: (YouTube) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-16]
CHR Extension: (Google Tabellen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Google Mail) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\Klaus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-16]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-19] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [99712 2015-12-04] (Alcohol Soft Development Team)
S4 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2305816 2016-04-13] (Broadcom Corporation.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-28] (Digital Wave Ltd.)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1345880 2015-08-06] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-02-19] ()
S4 ProtexisLicensing; C:\WINDOWS\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Datei ist nicht signiert]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2016-12-11] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2016-04-13] (Broadcom Corporation.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-02] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-02] (Disc Soft Ltd)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2016-02-01] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2016-02-01] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [Datei ist nicht signiert]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Datei ist nicht signiert]
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-30] (REALiX(tm))
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S4 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-25] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-30] (Realsil Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-16] () [Datei ist nicht signiert]
S3 smhwser; C:\WINDOWS\system32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [196152 2016-12-15] (Duplex Secure Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-03] ()
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ACHTUNG
S3 VUSB3HUB; C:\WINDOWS\System32\drivers\ViaHub3.sys [227840 2013-12-11] (VIA Technologies, Inc.) [Datei ist nicht signiert]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhcdrv; C:\WINDOWS\System32\drivers\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.) [Datei ist nicht signiert]
U3 idsvc; kein ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-20 17:53 - 2017-01-20 17:53 - 00000000 ____D C:\Users\Klaus\Documents\Fax
2017-01-20 16:14 - 2017-01-20 16:14 - 01496584 _____ C:\Users\Klaus\Downloads\DirectX - CHIP-Installer.exe
2017-01-19 23:49 - 2017-01-19 23:50 - 00082156 _____ C:\TDSSKiller.3.1.0.12_19.01.2017_23.49.42_log.txt
2017-01-19 23:18 - 2017-01-20 23:42 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Bioshock2Steam
2017-01-19 23:18 - 2017-01-19 23:18 - 00000000 ____D C:\Users\Klaus\Documents\Bioshock2
2017-01-19 23:08 - 2017-01-19 23:08 - 00001763 _____ C:\Users\Public\Desktop\BioShock 2.lnk
2017-01-19 23:08 - 2017-01-19 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock 2 Complete Edition
2017-01-19 23:04 - 2017-01-19 23:08 - 00000000 ____D C:\Program Files (x86)\BioShock 2 Complete Edition
2017-01-18 19:43 - 2017-01-18 19:45 - 00083916 _____ C:\TDSSKiller.3.1.0.12_18.01.2017_19.43.40_log.txt
2017-01-18 12:41 - 2017-01-19 23:13 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-01-18 12:40 - 2017-01-18 12:40 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-18 12:28 - 2017-01-18 12:28 - 00000000 ____D C:\Users\Klaus\Downloads\d2a536_4e9f3eff6f228
2017-01-18 12:27 - 2017-01-18 12:27 - 00143382 _____ C:\Users\Klaus\Downloads\d2a536_4e9f3eff6f228.zip
2017-01-18 08:05 - 2017-01-21 14:02 - 00000000 ____D C:\Users\Klaus\Desktop\VIRUS
2017-01-17 12:43 - 2017-01-17 12:43 - 00000028 _____ C:\WINDOWS\OutLog.txt
2017-01-17 12:43 - 2017-01-17 12:43 - 00000000 _____ C:\WINDOWS\BcdLog.txt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000161 _____ C:\WINDOWS\system32\autopart.opt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000000 ____D C:\WINDOWS\Acronis
2017-01-17 12:39 - 2014-03-19 22:40 - 15031616 _____ (Acronis) C:\WINDOWS\system32\autopart.exe
2017-01-17 08:52 - 2017-01-17 08:52 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-17 08:46 - 2017-01-17 08:48 - 00082514 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.46.48_log.txt
2017-01-17 08:45 - 2017-01-17 12:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-17 08:45 - 2017-01-17 08:45 - 00084538 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.45.05_log.txt
2017-01-17 08:34 - 2017-01-17 08:34 - 00590056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-17 07:40 - 2017-01-21 14:02 - 00000000 ____D C:\FRST
2017-01-17 07:36 - 2017-01-19 20:19 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-01-17 07:36 - 2017-01-19 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2017-01-17 07:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-17 07:35 - 2017-01-17 07:35 - 00000008 __RSH C:\Users\Klaus\ntuser.pol
2017-01-17 00:05 - 2017-01-19 20:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 00:04 - 2017-01-17 00:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOShared
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOPrivate
2017-01-16 23:34 - 2017-01-16 23:42 - 00000000 ____D C:\ProgramData\ProductData
2017-01-16 22:55 - 2017-01-16 23:17 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-16 22:55 - 2017-01-16 23:05 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-16 22:54 - 2017-01-16 22:54 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\Documents\BioshockHD
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\BioshockHD
2017-01-14 18:25 - 2017-01-14 18:25 - 00000000 ____D C:\ProgramData\Acronis
2017-01-14 18:24 - 2017-01-14 18:24 - 00276256 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00118560 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-01-14 18:24 - 2017-01-14 18:24 - 00000000 ____D C:\Program Files (x86)\Acronis
2017-01-14 18:14 - 2017-01-14 18:14 - 03901144 _____ (AVM GmbH) C:\Users\Klaus\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906.exe
2017-01-14 12:54 - 2017-01-14 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.0
2017-01-14 12:54 - 2014-04-04 00:42 - 03382440 _____ C:\WINDOWS\system32\BootMan.exe
2017-01-14 12:54 - 2014-04-04 00:25 - 02499752 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00100936 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00087112 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00019840 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00017480 _____ C:\WINDOWS\system32\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00016256 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00014920 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009800 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009160 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2017-01-12 19:28 - 2017-01-12 19:28 - 02834619 _____ C:\WINDOWS\32e353b0a289955e4d2d0dbcc5632256.exe
2017-01-11 21:44 - 2017-01-11 21:45 - 00001996 _____ C:\Users\Klaus\Desktop\Neues Textdokument.txt
2017-01-11 21:40 - 2017-01-11 21:40 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-11 17:29 - 2017-01-16 22:54 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:29 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:29 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:29 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:29 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:29 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:29 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:29 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:29 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:29 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:29 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:29 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:29 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:29 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:29 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:29 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:29 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:29 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:29 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:29 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:29 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:29 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:29 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:29 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:29 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:29 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:29 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:29 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:29 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:29 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:29 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:29 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:29 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 17:28 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:28 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:28 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-11 17:28 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:28 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:28 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:28 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:28 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:28 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:28 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:28 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:28 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:28 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:28 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:28 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:28 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:28 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:28 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:28 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:28 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:28 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:28 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:28 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:28 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:28 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 17:28 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 17:28 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:28 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:28 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:28 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:28 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:28 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:28 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:28 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:28 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:28 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:28 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:28 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:28 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 22:15 - 2017-01-09 22:15 - 00000000 ____D C:\Users\Klaus\AppData\Local\Ndemic Creations
2017-01-09 22:04 - 2017-01-19 20:21 - 00001224 _____ C:\Users\Public\Desktop\Plague Inc Evolved.lnk
2017-01-09 22:04 - 2017-01-09 22:14 - 00000000 ____D C:\Program Files (x86)\Plague Inc Evolved
2017-01-09 22:04 - 2017-01-09 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plague Inc Evolved
2017-01-08 16:46 - 2017-01-08 16:46 - 00000000 ____D C:\Users\Klaus\Documents\CPY_SAVES
2017-01-07 00:09 - 2017-01-07 00:09 - 01065376 _____ (Google Inc.) C:\Users\Klaus\Downloads\ChromeSetup.exe
2017-01-06 04:49 - 2017-01-06 04:49 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\SmartSteamEmu
2017-01-05 22:29 - 2017-01-05 22:29 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Microsoft Games
2017-01-05 22:16 - 2017-01-05 22:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\DAEMON Tools Ultra
2017-01-05 22:16 - 2017-01-05 22:18 - 00000000 ____D C:\Program Files\DAEMON Tools Ultra
2017-01-05 22:16 - 2017-01-05 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2017-01-05 22:15 - 2017-01-05 22:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2017-01-04 14:10 - 2003-04-19 00:29 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4a.dll
2017-01-04 14:09 - 2017-01-04 19:34 - 00000604 _____ C:\WINDOWS\Edofma.INI
2017-01-03 18:16 - 2017-01-03 18:16 - 53933348 _____ C:\Users\Klaus\Downloads\hv335t_flash_v2.3.zip
2017-01-03 17:52 - 2017-01-19 11:03 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\vlc
2017-01-03 17:49 - 2017-01-03 17:50 - 30533688 _____ C:\Users\Klaus\Downloads\vlc-2.2.4-win32.exe
2017-01-02 18:49 - 2017-01-02 18:49 - 00196497 _____ C:\Users\Klaus\Downloads\DHL_label_2017-1-2_18-49-7.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00061314 _____ C:\Users\Klaus\Downloads\2530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032955.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049871 _____ C:\Users\Klaus\Downloads\302530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032951.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049643 _____ C:\Users\Klaus\Downloads\402530333_2016_Nr.004_Kontoauszug_vom_31.12.2016_20170102032942.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049388 _____ C:\Users\Klaus\Downloads\102530333_2016_Nr.010_Kontoauszug_vom_31.12.2016_20170102032946.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00046885 _____ C:\Users\Klaus\Downloads\302530333_2016_Mitteilung_vom_31.10.2016_20170102032948.pdf
2016-12-31 11:10 - 2016-12-31 11:10 - 00196914 _____ C:\Users\Klaus\Downloads\DHL_label_2016-12-31_11-10-49.pdf
2016-12-25 06:39 - 2016-12-25 06:39 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03474392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-21 14:01 - 2015-10-21 15:43 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Telegram Desktop
2017-01-21 14:00 - 2016-09-23 11:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-21 14:00 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-21 13:54 - 2015-10-24 17:52 - 00000000 ____D C:\Users\Klaus\AppData\Local\JDownloader v2.0
2017-01-21 13:46 - 2016-09-23 11:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-21 10:06 - 2016-10-12 14:48 - 00000000 ____D C:\Users\Klaus\Downloads\Telegram Desktop
2017-01-21 07:01 - 2016-09-23 11:10 - 11946432 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-21 07:01 - 2016-07-16 23:51 - 06084860 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-21 07:01 - 2016-07-16 23:51 - 01708322 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-21 00:36 - 2016-09-23 11:11 - 00000000 ____D C:\Users\Klaus
2017-01-20 17:55 - 2015-10-18 16:26 - 00000000 ____D C:\Users\Klaus\Desktop\ABLAGE
2017-01-20 17:53 - 2016-12-07 17:06 - 00000000 ___RD C:\Users\Klaus\Documents\Scanned Documents
2017-01-19 23:51 - 2016-10-03 11:37 - 00000000 ____D C:\AdwCleaner
2017-01-19 23:18 - 2016-12-05 07:10 - 00000000 ____D C:\ProgramData\Steam
2017-01-19 23:03 - 2016-05-03 11:08 - 00000000 ____D C:\Users\Klaus\AppData\Local\CrashDumps
2017-01-19 20:21 - 2016-11-17 21:28 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-01-19 20:21 - 2016-11-12 23:43 - 00001856 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-19 20:21 - 2016-11-04 19:23 - 00002045 _____ C:\Users\Public\Desktop\Medal of Honor.lnk
2017-01-19 20:21 - 2016-09-23 11:19 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-19 20:21 - 2016-08-04 20:03 - 00001817 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-19 20:21 - 2016-06-22 16:30 - 00002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-19 20:21 - 2015-11-21 12:51 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2017-01-19 20:21 - 2015-11-01 16:35 - 00001266 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2017-01-19 20:21 - 2015-10-24 16:06 - 00002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-19 20:21 - 2015-10-24 13:59 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-01-19 20:21 - 2015-10-24 13:59 - 00001329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-01-19 20:21 - 2015-10-24 13:58 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2017-01-19 20:21 - 2015-10-24 13:56 - 00001282 _____ C:\Users\Public\Desktop\WinOptimizer.lnk
2017-01-19 20:21 - 2015-10-24 09:54 - 00001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2017-01-19 20:21 - 2015-10-24 09:53 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2017-01-19 20:21 - 2015-10-24 09:51 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2017-01-19 20:21 - 2015-10-19 14:56 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-19 20:20 - 2016-11-04 19:04 - 00001099 _____ C:\Users\Klaus\Desktop\Call of Duty.lnk
2017-01-19 20:20 - 2016-07-29 21:03 - 00001264 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
2017-01-19 20:20 - 2016-07-24 22:48 - 00001970 _____ C:\Users\Klaus\Desktop\UseNeXT.lnk
2017-01-19 20:20 - 2016-03-19 17:43 - 00002433 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 20:20 - 2016-03-19 17:42 - 00001091 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2017-01-18 12:40 - 2015-11-30 22:54 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2017-01-17 23:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-17 08:32 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-17 08:32 - 2015-11-01 16:35 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Disk Cleaner
2017-01-17 07:34 - 2016-10-03 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 07:27 - 2016-10-03 19:22 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-17 00:12 - 2016-09-23 18:06 - 00000000 ____D C:\ProgramData\Ashampoo
2017-01-16 23:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-16 23:12 - 2016-07-09 06:00 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Euask
2017-01-16 23:11 - 2016-02-19 13:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Anvsoft
2017-01-16 23:11 - 2015-11-26 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2017-01-16 22:55 - 2016-11-04 19:03 - 00000000 ____D C:\Program Files (x86)\Call of Duty
2017-01-16 22:55 - 2016-09-09 11:48 - 00000000 ____D C:\Program Files (x86)\Digiarty
2017-01-16 22:55 - 2016-03-21 17:13 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-01-14 12:54 - 2016-06-01 21:17 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-01-14 11:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 07:16 - 2016-01-23 17:17 - 00000000 ____D C:\Users\Klaus\Documents\UseNeXT
2017-01-13 07:16 - 2015-10-24 17:48 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\UseNeXT
2017-01-12 22:21 - 2015-11-26 23:25 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2017-01-12 22:17 - 2016-01-16 00:34 - 00000000 ____D C:\Users\Klaus\Documents\My Games
2017-01-11 21:40 - 2016-09-23 11:11 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-11 21:18 - 2015-11-11 07:12 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\dvdcss
2017-01-11 21:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-11 21:06 - 2016-02-13 18:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 19:28 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 19:22 - 2015-10-19 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 19:20 - 2015-10-19 10:00 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-07 08:47 - 2015-12-01 21:54 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-07 08:47 - 2015-10-24 13:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-07 00:20 - 2016-09-23 11:24 - 00004074 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-07 00:20 - 2015-10-24 10:11 - 00000000 ____D C:\Users\Klaus\AppData\Local\Adobe
2017-01-06 05:36 - 2015-10-24 09:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-06 05:34 - 2016-12-16 13:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-01-05 11:59 - 2016-03-07 23:45 - 00000000 ____D C:\Users\Klaus\AppData\Local\ElevatedDiagnostics
2017-01-04 07:30 - 2016-04-23 23:34 - 00000000 ____D C:\Program Files (x86)\posterXXL Designer
2017-01-03 17:51 - 2015-10-24 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-29 18:07 - 2016-12-13 15:18 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-25 06:39 - 2016-08-02 22:52 - 00042286 _____ C:\WINDOWS\system32\nvinfo.pb
2016-12-24 14:56 - 2015-10-24 09:43 - 00000000 ____D C:\Users\Klaus\AppData\Local\VirtualStore
2016-12-23 00:13 - 2016-10-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-10-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-01 06:23 - 2016-09-01 06:28 - 0020520 _____ () C:\Program Files (x86)\init.dat
2016-09-23 18:08 - 2016-09-23 19:35 - 0003584 _____ () C:\Users\Klaus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-15 21:10 - 2016-09-10 17:47 - 0007627 _____ () C:\Users\Klaus\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-19 13:04

==================== Ende von FRST.txt ============================

emus77 · 21.01.2017, 14:05

Addition.txt:

Code:

ATTFilter

ZusÃ¤tzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-01-2017
durchgefÃ¼hrt von Klaus (21-01-2017 14:03:31)
Gestartet von C:\Users\Klaus\Desktop\VIRUS
Windows 10 Pro Version 1607 (X64) (2016-09-23 10:25:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3767151760-3652987525-2816545776-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3767151760-3652987525-2816545776-503 - Limited - Disabled)
Gast (S-1-5-21-3767151760-3652987525-2816545776-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3767151760-3652987525-2816545776-1009 - Limited - Enabled)
Klaus (S-1-5-21-3767151760-3652987525-2816545776-1001 - Administrator - Enabled) => C:\Users\Klaus

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" kÃ¶nnen in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee (HKLM-x32\...\ACDSee) (Version:  - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
AcronisÂ*DiskÂ*DirectorÂ*12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3219 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}) (Version: 12.2.3.183 - Adobe Systems, Inc)
Amazon Drive (HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\Amazon Drive) (Version: 3.6.4.65 - Amazon.com, Inc.)
Any Video Converter 5.9.1 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-Bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo WinOptimizer 2015 (HKLM-x32\...\{4209F371-3276-A8F7-B851-845A83732AB4}_is1) (Version: 11.00.60 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.9.0000 - Asmedia Technology)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ATI Catalyst Install Manager (HKLM\...\{4044201A-8576-2999-1166-96C5593F3CFF}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
BioShock 2 Complete Edition Version 1.5 (HKLM-x32\...\{DB591EE7-847F-4A99-BFE3-6C91BA0AB9E8}_is1) (Version: 1.5 - 2K Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - )
Call of Juarez - Bound in Blood (x32 Version: 1.01.0000 - Ubisoft) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6282 - CDBurnerXP)
CorelDRAW 10 (x32 Version: 10 - Corel) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.0.0.0423 - Disc Soft Ltd)
Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
Dual-Core Optimizer (HKLM-x32\...\{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}) (Version: 1.1.1.0135 - AMD)
EaseUS Partition Master 10.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion ThÃ¼ringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.63.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.78.328 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 8.4 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.3.16 - IObit)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{328343FF-0466-4E8D-88EB-53CE3150AE11}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 3) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 4) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 5) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen 6) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Filmvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Individuelle MenÃ¼vorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (MenÃ¼vorlagen 1) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (MenÃ¼vorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Chromatic Glow) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Knoll Light Factory) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Red Giant Retrograde) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Designelemente) (HKLM\...\MX.{67025742-42D8-4E8D-92BF-3C001AA7C645}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (HKLM\...\MX.{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Individuelle MenÃ¼vorlagen) (HKLM\...\MX.{33AFBCF9-0338-494D-BAFD-1367B5BD5A30}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Individuelle MenÃ¼vorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 1) (HKLM\...\MX.{8BCE1A1B-3EB0-4DCB-8C9F-6D235CA493FC}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 1) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 2) (HKLM\...\MX.{7D42CCF5-305C-49E7-9828-D89C05AEA82D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (MenÃ¼vorlagen 2) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\MX.{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Ãœberblendeffekte) (HKLM\...\MX.{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Ãœberblendeffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Version: 15.0.0.62 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (Version: 15.0.0.102 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vÃ©rification linguistique 2016 de Microsoft OfficeÂ*- FranÃ§ais (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PixelNet - Meine Bilderwelt (HKLM-x32\...\PixelNet - Meine Bilderwelt) (Version: 5.1.1. - ORWO Net)
Plague Inc Evolved MULTi14 - ElAmigos Version 1.13.0 (HKLM-x32\...\{BDF7DD42-37BE-43A2-8F9C-44EE65466076}_is1) (Version: 1.13.0 - Ndemic Creations)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
posterXXL Designer 5.3 (HKLM-x32\...\posterXXL Designer_is1) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Telegram Desktop version 1.0.2 (HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VIA Plattform-GerÃ¤te-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinX DVD Author 6.3.7 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Wise Disk Cleaner 9.33 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.33 - WiseCleaner.com, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03C207F9-0233-4110-BA44-AEFF503E8BE4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0968ECFD-0C3D-4AB4-AF1E-D7A5FF3574AA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-02-28] ()
Task: {0CB631FF-F9FB-4806-913B-FE54BD7E5EA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {138FAEB9-0784-41CE-9A7B-878E7CA373C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1DA697D9-89AD-440E-A3F6-FD7C86DDC35F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-11-30] (IObit)
Task: {35FC097A-789D-4CE9-8D09-82C25A48E151} - System32\Tasks\Uninstaller_SkipUac_Klaus => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-10-10] (IObit)
Task: {37DC5A61-C110-4E74-B4B0-D263F3684162} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {57187ACC-7BB3-4107-83E1-7FDF5368CDDB} - System32\Tasks\Driver Booster SkipUAC (Klaus) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-12-22] (IObit)
Task: {58F35C51-A384-4FC8-9CC6-1CF4C78FB5D8} - System32\Tasks\EPSON WF-2650 Series Update {FABA556B-21FB-403E-BD42-FC2114FBE22C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {76F28C59-93B6-4B5C-ADB1-3C3B2F5D2859} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-07] (Adobe Systems Incorporated)
Task: {7F8FEB6C-B918-4F6B-9F00-8C36B1212D96} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {81A36ACB-9807-4079-A598-809FD76EAE45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {82E95715-2A71-468E-9B9A-EA9C77B6F9EE} - System32\Tasks\EPSON WF-2650 Series Update {C0112A23-007B-432D-8F6F-FA9503CCCA9F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {8A4766DC-4F02-4991-A7B8-94EE466D391E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {8DF83C56-B2B3-4E6C-9984-AEED37A506E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {8FF7DD45-60E6-4C0F-B94E-24A8B06A93CC} - System32\Tasks\EPSON WF-2650 Series Update {AC41C320-182E-4D3E-911E-AAF704407DDD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {920CE08C-A63E-494B-961E-24BBFBB0BC02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B7BD77F3-25B3-431E-BD0F-185BCAAD1947} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2017-01-07] (Adobe Systems Incorporated)
Task: {BEC69237-488D-43A6-884F-AB10CA1CAAE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C27FEDD3-26A3-49CB-9EAC-07164D89F29E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {AC41C320-182E-4D3E-911E-AAF704407DDD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{AC41C320-182E-4D3E-911E-AAF704407DDD} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {C0112A23-007B-432D-8F6F-FA9503CCCA9F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{C0112A23-007B-432D-8F6F-FA9503CCCA9F} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {FABA556B-21FB-403E-BD42-FC2114FBE22C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{FABA556B-21FB-403E-BD42-FC2114FBE22C} /F:Update  WORKGROUP\KLAUS-PC$ ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Klaus.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== VerknÃ¼pfungen =============================

(Die EintrÃ¤ge kÃ¶nnen gelistet werden, um sie zurÃ¼ckzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 04:56 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-15 04:56 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 11:27 - 2016-09-23 11:27 - 00959168 _____ () C:\Users\Klaus\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-23 12:03 - 2016-09-23 12:03 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 17:28 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 17:28 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 17:28 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-07 00:09 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-07 00:09 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-10-24 10:01 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== VerknÃ¼pfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurÃ¼ckgesetzt oder entfernt.)


==================== Internet Explorer VertrauenswÃ¼rdig/EingeschrÃ¤nkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benÃ¶tigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurÃ¼ckzusetzen.)

2016-05-20 08:20 - 2017-01-16 23:01 - 00003733 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix fÃ¼r diesen Bereich.)

HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte EintrÃ¤ge ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Corel Reminder => "C:\Program Files (x86)\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files (x86)\Corel\Graphics10\Register\NavLoad.ini"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Windows Mobile-based device management"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "XFastUsb"
HKLM\...\StartupApproved\Run32: => "CloneCDTray"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3767151760-3652987525-2816545776-1001\...\StartupApproved\Run: => "AlcoholAutomount"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{7117C2F5-28E3-4682-8869-55FBDACB7FEC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{977C23AA-7AB0-4B04-A70B-8C9C5B1997E5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{25CE0E4C-24C7-4446-B66A-FAC5E1A2E201}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{43DFFE8B-4625-4704-A885-66A878F4E936}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{517C9FA1-579D-42B6-A784-15003BB15AAA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9789DE8E-68C2-476F-8D8C-92F231816F01}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F661733F-5924-473D-9EA5-1B8E6626EA1B}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{E4893C5B-B7B9-4173-A2A5-7A4871E17F05}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{ACF42FD7-B18D-4269-8E85-CF80BBC9DDCC}C:\program files\itunes\itunes.exe] => C:\program files\itunes\itunes.exe
FirewallRules: [{D987DCBD-D3A9-4954-A87F-1BDAD283D061}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{586AF745-F22D-4FA0-BB0C-439D09EBAF34}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{0F2563AF-3CE2-451B-A314-15725F423CBF}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{ED9F1030-E647-4688-9022-A940F34436AA}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C7BB1319-7011-48C7-9231-B4F22656608D}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{F4670494-2AF9-48B8-97F3-6938B9FD5502}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{9F924D5E-211D-4038-ABBE-5A2EB3C047F9}C:\program files (x86)\ea games\mohaa\mohaa.exe] => C:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [UDP Query User{D0BF1CF8-FCF8-456A-B7EF-923913909B03}C:\program files (x86)\ea games\mohaa\mohaa.exe] => C:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [{F0EE6EC3-D1F0-4354-83A0-0AB1C63F9D4E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{514E4506-B6ED-40B4-B6AE-E8672CA018B4}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9594B8A3-E77B-4CB9-BB4A-B3CB11DC1342}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D2C02EC3-2F03-46A9-8B12-7EAA064BCB11}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8333ED40-B6D1-4B31-8610-ACD78A878248}] => C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{2AEC24B7-FCCB-4EAA-83A2-6A2F3DFF9F7A}] => C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{F6A1296C-63A2-4700-9137-A66A8E2AED6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

18-01-2017 12:40:43 Installed Dual-Core Optimizer
20-01-2017 16:16:34 DirectX wurde installiert

==================== Fehlerhafte GerÃ¤te im GerÃ¤temanager =============


==================== FehlereintrÃ¤ge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/21/2017 02:01:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/21 14:01:14.505]: [00004176]: Initialize TwdsMain Class failed!

Error: (01/21/2017 02:01:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/21 14:01:14.504]: [00004176]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/21/2017 02:01:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/21 14:01:14.503]: [00004176]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (01/21/2017 01:59:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts fÃ¼r "C:\Users\Klaus\Desktop\VIRUS\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine fÃ¼r die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 09:49:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.14393.0 kann nicht mehr unter Windows ausgefÃ¼hrt werden und wurde beendet. ÃœberprÃ¼fen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2c4

Startzeit: 01d273ac2b388088

Beendigungszeit: 11

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID: 6c32aab2-dfb6-11e6-9af6-002522d4b04c

VollstÃ¤ndiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (01/21/2017 07:00:06 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/21/2017 06:57:36 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/21 06:57:36.928]: [00001896]: Initialize TwdsMain Class failed!

Error: (01/21/2017 06:57:36 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/21 06:57:36.928]: [00001896]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/21/2017 06:57:36 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/01/21 06:57:36.926]: [00001896]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (01/20/2017 04:16:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst wÃ¤hrend der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (01/21/2017 02:03:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÃ„T)
Description: Durch die Berechtigungseinstellungen fÃ¼r "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÃ„T\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" fÃ¼r die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfÃ¼gbar" (SID: Nicht verfÃ¼gbar) gewÃ¤hrt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool fÃ¼r Komponentendienste geÃ¤ndert werden.

Error: (01/21/2017 02:00:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhÃ¤ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten GerÃ¤ten verbunden.

Error: (01/21/2017 01:59:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" KorrekturmaÃŸnahmen (Neustart des Diensts) durchzufÃ¼hren, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgefÃ¼hrt.

Error: (01/21/2017 01:59:24 PM) (Source: DCOM) (EventID: 10010) (User: KLAUS-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/21/2017 01:59:23 PM) (Source: DCOM) (EventID: 10010) (User: KLAUS-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/21/2017 01:59:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 30000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/21/2017 01:59:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/21/2017 01:59:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Disc Soft Ultra Bus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/21/2017 01:59:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 30000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.

Error: (01/21/2017 01:59:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende KorrekturmaÃŸnahmen werden in 120000 Millisekunden durchgefÃ¼hrt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2017-01-20 20:50:38.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-20 05:49:00.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 05:49:00.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-19 20:38:40.313
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-18 20:06:22.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-18 06:04:18.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-18 06:04:18.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-17 19:57:17.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.597
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 08:57:29.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 840 Processor
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 8191.3 MB
Verfügbarer physikalischer RAM: 6402.36 MB
Summe virtueller Speicher: 24191.3 MB
Verfügbarer virtueller Speicher: 22369.18 MB

==================== Laufwerke ================================

Drive c: (SYSTEM) (Fixed) (Total:111.35 GB) (Free:42.32 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (PRIVAT) (Fixed) (Total:931.51 GB) (Free:262.9 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6A6D4800)
Partition 1: (Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1E364A96)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

burningice · 21.01.2017, 14:13

nettes Kaliber hast dir da eingefangen.

Schritt 1
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows 8 und 10)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
Anleitung für Windows 10: Scan mit FRST im Recovery-Modus von Windows 10
Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer. Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein. e:\frst.exe bzw. e:\frst64.exe Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

emus77 · 21.01.2017, 17:16

FRST.txt:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
durchgeführt von SYSTEM auf MININT-U8JIHKE (21-01-2017 17:11:10)
Gestartet von C:\Users\Klaus\Desktop\VIRUS
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11
Start-Modus: Recovery
Standard: ControlSet001
ACHTUNG!:=====> Wenn das System startfähig ist sollte FRST im normalen oder abgesicherten Modus ausgeführt werden, um ein vollständiges Ergebnis zu erhalten.

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [384064 2014-03-19] (Acronis)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2006-11-17] (AMD)
HKLM\...\RunOnce: [ucdrv_repair] => "C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe" --repair
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2017-01-19]
ShortcutTarget: Telegram.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Telegram Desktop\Telegram.exe (Keine Datei)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-19] (Advanced Micro Devices, Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
S2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [99712 2015-12-04] (Alcohol Soft Development Team)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2305816 2016-04-13] (Broadcom Corporation.)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-28] (Digital Wave Ltd.)
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1345880 2015-08-06] (Disc Soft Ltd)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-02-19] ()
S2 ProtexisLicensing; C:\WINDOWS\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [41952 2016-12-11] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2016-04-13] (Broadcom Corporation.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-08-02] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-08-02] (Disc Soft Ltd)
S3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30264 2016-02-01] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\drivers\dtultrausbbus.sys [47160 2016-02-01] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-30] (REALiX(tm))
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S4 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-25] (NVIDIA Corporation)
S0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-10-30] (Realsil Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-16] ()
S3 smhwser; C:\Windows\system32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
S0 sptd2; C:\Windows\System32\Drivers\sptd2.sys [196152 2016-12-15] (Duplex Secure Ltd)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-03] ()
S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ACHTUNG
S3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-12-11] (VIA Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.)
S3 idsvc; kein ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-21 17:07 - 2017-01-21 17:07 - 00000000 _____ C:\Recovery.txt
2017-01-21 16:55 - 2017-01-21 16:55 - 07680000 _____ C:\Program Files (x86)\GUT556A.tmp
2017-01-21 16:55 - 2017-01-21 16:55 - 00000000 ____D C:\Program Files (x86)\GUM5569.tmp
2017-01-21 16:46 - 2017-01-21 16:51 - 00000000 ____D C:\Windows\pss
2017-01-20 17:53 - 2017-01-20 17:53 - 00000000 ____D C:\Users\Klaus\Documents\Fax
2017-01-20 16:14 - 2017-01-20 16:14 - 01496584 _____ C:\Users\Klaus\Downloads\DirectX - CHIP-Installer.exe
2017-01-19 23:49 - 2017-01-19 23:50 - 00082156 _____ C:\TDSSKiller.3.1.0.12_19.01.2017_23.49.42_log.txt
2017-01-19 23:18 - 2017-01-20 23:42 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Bioshock2Steam
2017-01-19 23:18 - 2017-01-19 23:18 - 00000000 ____D C:\Users\Klaus\Documents\Bioshock2
2017-01-19 23:08 - 2017-01-19 23:08 - 00001763 _____ C:\Users\Public\Desktop\BioShock 2.lnk
2017-01-19 23:04 - 2017-01-19 23:08 - 00000000 ____D C:\Program Files (x86)\BioShock 2 Complete Edition
2017-01-18 19:43 - 2017-01-18 19:45 - 00083916 _____ C:\TDSSKiller.3.1.0.12_18.01.2017_19.43.40_log.txt
2017-01-18 12:41 - 2017-01-19 23:13 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-01-18 12:40 - 2017-01-18 12:40 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-18 12:28 - 2017-01-18 12:28 - 00000000 ____D C:\Users\Klaus\Downloads\d2a536_4e9f3eff6f228
2017-01-18 12:27 - 2017-01-18 12:27 - 00143382 _____ C:\Users\Klaus\Downloads\d2a536_4e9f3eff6f228.zip
2017-01-18 08:05 - 2017-01-21 14:03 - 00000000 ____D C:\Users\Klaus\Desktop\VIRUS
2017-01-17 12:43 - 2017-01-17 12:43 - 00000028 _____ C:\Windows\OutLog.txt
2017-01-17 12:43 - 2017-01-17 12:43 - 00000000 _____ C:\Windows\BcdLog.txt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000161 _____ C:\Windows\System32\autopart.opt
2017-01-17 12:39 - 2017-01-17 12:39 - 00000000 ____D C:\Windows\Acronis
2017-01-17 12:39 - 2014-03-19 22:40 - 15031616 _____ (Acronis) C:\Windows\System32\autopart.exe
2017-01-17 08:52 - 2017-01-17 08:52 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-17 08:46 - 2017-01-17 08:48 - 00082514 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.46.48_log.txt
2017-01-17 08:45 - 2017-01-17 12:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-17 08:45 - 2017-01-17 08:45 - 00084538 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_08.45.05_log.txt
2017-01-17 08:34 - 2017-01-17 08:34 - 00590056 _____ C:\Windows\System32\FNTCACHE.DAT
2017-01-17 07:40 - 2017-01-21 14:04 - 00000000 ____D C:\FRST
2017-01-17 07:36 - 2017-01-19 20:19 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-01-17 07:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-01-17 07:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-01-17 07:35 - 2017-01-17 07:35 - 00000008 __RSH C:\Users\Klaus\ntuser.pol
2017-01-17 00:05 - 2017-01-19 20:20 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-01-17 00:04 - 2017-01-17 00:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOShared
2017-01-16 23:36 - 2017-01-16 23:36 - 00000000 ____D C:\ProgramData\USOPrivate
2017-01-16 23:34 - 2017-01-16 23:42 - 00000000 ____D C:\ProgramData\ProductData
2017-01-16 22:55 - 2017-01-16 23:17 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-16 22:55 - 2017-01-16 23:05 - 00000000 ____D C:\Windows\System32\SSL
2017-01-16 22:54 - 2017-01-16 22:54 - 00000000 ____D C:\Windows\System32\sstmp
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\Documents\BioshockHD
2017-01-16 14:55 - 2017-01-16 14:55 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\BioshockHD
2017-01-14 18:25 - 2017-01-14 18:25 - 00000000 ____D C:\ProgramData\Acronis
2017-01-14 18:24 - 2017-01-14 18:24 - 00276256 _____ (Acronis International GmbH) C:\Windows\System32\Drivers\snapman.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00118560 _____ (Acronis International GmbH) C:\Windows\System32\Drivers\fltsrv.sys
2017-01-14 18:24 - 2017-01-14 18:24 - 00000000 ____D C:\Program Files (x86)\Acronis
2017-01-14 18:14 - 2017-01-14 18:14 - 03901144 _____ (AVM GmbH) C:\Users\Klaus\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906.exe
2017-01-14 12:54 - 2014-04-04 00:42 - 03382440 _____ C:\Windows\System32\BootMan.exe
2017-01-14 12:54 - 2014-04-04 00:25 - 02499752 _____ C:\Windows\SysWOW64\BootMan.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00100936 _____ C:\Windows\System32\setupempdrvx64.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00087112 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2017-01-14 12:54 - 2013-03-07 09:49 - 00019840 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00017480 _____ C:\Windows\System32\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00016256 _____ C:\Windows\System32\EuEpmGdi.dll
2017-01-14 12:54 - 2013-03-07 09:49 - 00014920 _____ C:\Windows\SysWOW64\epmntdrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009800 _____ C:\Windows\System32\EuGdiDrv.sys
2017-01-14 12:54 - 2013-03-07 09:49 - 00009160 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2017-01-12 19:28 - 2017-01-12 19:28 - 02834619 _____ C:\Windows\32e353b0a289955e4d2d0dbcc5632256.exe
2017-01-11 21:44 - 2017-01-11 21:45 - 00001996 _____ C:\Users\Klaus\Desktop\Neues Textdokument.txt
2017-01-11 21:40 - 2017-01-11 21:40 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-11 17:29 - 2017-01-16 22:54 - 02317824 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\System32\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\System32\ImplatSetup.dll
2017-01-11 17:29 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-01-11 17:29 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\System32\mfnetsrc.dll
2017-01-11 17:29 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2017-01-11 17:29 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2017-01-11 17:29 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2017-01-11 17:29 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2017-01-11 17:29 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\System32\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2017-01-11 17:29 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\System32\MCRecvSrc.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-01-11 17:29 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_nt.dll
2017-01-11 17:29 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\System32\mspaint.exe
2017-01-11 17:29 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-01-11 17:29 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2017-01-11 17:29 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-01-11 17:29 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 17:29 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:29 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 17:29 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:29 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 17:29 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 17:29 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:29 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:29 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 17:29 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 17:29 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 17:29 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 17:29 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:29 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 17:29 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 17:29 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 17:29 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:29 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-01-11 17:29 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-01-11 17:29 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:29 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 17:29 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 17:29 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:29 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\ScDeviceEnum.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 17:29 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\certprop.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:29 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:29 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-01-11 17:29 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\System32\D3D12.dll
2017-01-11 17:29 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2017-01-11 17:29 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2017-01-11 17:29 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2017-01-11 17:29 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2017-01-11 17:29 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-11 17:29 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:29 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-11 17:28 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-01-11 17:28 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2017-01-11 17:28 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\Windows\System32\mqcmiplugin.dll
2017-01-11 17:28 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-01-11 17:28 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHost.dll
2017-01-11 17:28 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2017-01-11 17:28 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-01-11 17:28 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCsp.dll
2017-01-11 17:28 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\ProvPluginEng.dll
2017-01-11 17:28 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCore.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\System32\OneBackupHandler.dll
2017-01-11 17:28 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BioFeedback.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\System32\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:28 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
2017-01-11 17:28 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\System32\StoreAgent.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\System32\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
2017-01-11 17:28 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\System32\aadcloudap.dll
2017-01-11 17:28 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Shell.dll
2017-01-11 17:28 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2017-01-11 17:28 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\System32\fhcfg.dll
2017-01-11 17:28 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-01-11 17:28 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\fhsettingsprovider.dll
2017-01-11 17:28 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\System32\MSVP9DEC.dll
2017-01-11 17:28 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\System32\aclui.dll
2017-01-11 17:28 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:28 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
2017-01-11 17:28 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2017-01-11 17:28 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqmigplugin.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:28 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 17:28 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 17:28 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 17:28 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 17:28 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 17:28 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 17:28 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 17:28 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:28 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-11 17:28 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-11 17:28 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntSubsystems64.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\Windows\System32\AppVIntegration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntSubsystemController.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\System32\ClipUp.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\Windows\System32\AppVPolicy.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\Windows\System32\AppVManifest.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\Windows\System32\AppVClient.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntStreamingManager.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\Windows\System32\AppVReporting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\Windows\System32\AppVOrchestration.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntVirtualization.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\Windows\System32\AppVPublishing.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\Windows\System32\AppVCatalog.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\Windows\System32\TransportDSA.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\Windows\System32\AppVScripting.dll
2017-01-11 17:28 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\Windows\System32\AppVShNotify.exe
2017-01-11 17:28 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\Windows\System32\AppVDllSurrogate.exe
2017-01-11 17:28 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 17:28 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-01-11 17:28 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-01-11 17:28 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2017-01-11 17:28 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\System32\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 17:28 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-11 17:28 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:28 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-11 17:28 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\System32\cloudAP.dll
2017-01-11 17:28 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-01-11 17:28 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\domgmt.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\System32\ConsoleLogon.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\System32\wbiosrvc.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2017-01-11 17:28 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.CredDialogController.dll
2017-01-11 17:28 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\CloudBackupSettings.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2017-01-11 17:28 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2017-01-11 17:28 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-11 17:28 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\System32\SRHInproc.dll
2017-01-11 17:28 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 17:28 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-11 17:28 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2017-01-11 17:28 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-01-11 17:28 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2017-01-11 17:28 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2017-01-11 17:28 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2017-01-09 22:15 - 2017-01-09 22:15 - 00000000 ____D C:\Users\Klaus\AppData\Local\Ndemic Creations
2017-01-09 22:04 - 2017-01-19 20:21 - 00001224 _____ C:\Users\Public\Desktop\Plague Inc Evolved.lnk
2017-01-09 22:04 - 2017-01-09 22:14 - 00000000 ____D C:\Program Files (x86)\Plague Inc Evolved
2017-01-08 16:46 - 2017-01-08 16:46 - 00000000 ____D C:\Users\Klaus\Documents\CPY_SAVES
2017-01-07 00:09 - 2017-01-07 00:09 - 01065376 _____ (Google Inc.) C:\Users\Klaus\Downloads\ChromeSetup.exe
2017-01-06 04:49 - 2017-01-06 04:49 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\SmartSteamEmu
2017-01-05 22:29 - 2017-01-05 22:29 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Microsoft Games
2017-01-05 22:16 - 2017-01-05 22:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\DAEMON Tools Ultra
2017-01-05 22:16 - 2017-01-05 22:18 - 00000000 ____D C:\Program Files\DAEMON Tools Ultra
2017-01-05 22:15 - 2017-01-05 22:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2017-01-04 14:10 - 2003-04-19 00:29 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2017-01-04 14:09 - 2017-01-04 19:34 - 00000604 _____ C:\Windows\Edofma.INI
2017-01-03 18:16 - 2017-01-03 18:16 - 53933348 _____ C:\Users\Klaus\Downloads\hv335t_flash_v2.3.zip
2017-01-03 17:52 - 2017-01-19 11:03 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\vlc
2017-01-03 17:49 - 2017-01-03 17:50 - 30533688 _____ C:\Users\Klaus\Downloads\vlc-2.2.4-win32.exe
2017-01-02 18:49 - 2017-01-02 18:49 - 00196497 _____ C:\Users\Klaus\Downloads\DHL_label_2017-1-2_18-49-7.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00061314 _____ C:\Users\Klaus\Downloads\2530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032955.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049871 _____ C:\Users\Klaus\Downloads\302530333_2016_Nr.012_Kontoauszug_vom_31.12.2016_20170102032951.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049643 _____ C:\Users\Klaus\Downloads\402530333_2016_Nr.004_Kontoauszug_vom_31.12.2016_20170102032942.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00049388 _____ C:\Users\Klaus\Downloads\102530333_2016_Nr.010_Kontoauszug_vom_31.12.2016_20170102032946.pdf
2017-01-02 15:29 - 2017-01-02 15:29 - 00046885 _____ C:\Users\Klaus\Downloads\302530333_2016_Mitteilung_vom_31.10.2016_20170102032948.pdf
2016-12-31 11:10 - 2016-12-31 11:10 - 00196914 _____ C:\Users\Klaus\Downloads\DHL_label_2016-12-31_11-10-49.pdf
2016-12-25 06:39 - 2016-12-25 06:39 - 40125496 _____ C:\Windows\System32\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 34710584 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 28201408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10912744 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10803880 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 10353960 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 09158616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 08761560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03934504 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 03474392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02950200 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 02587704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01953336 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01586744 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6437633.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 01038392 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00974784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00942528 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00894400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00683640 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2016-12-25 06:39 - 2016-12-25 06:39 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-21 17:04 - 2016-09-23 11:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-21 17:04 - 2016-07-16 07:04 - 00262144 _____ C:\Windows\System32\config\BBI
2017-01-21 17:02 - 2016-09-23 11:10 - 12092382 _____ C:\Windows\System32\PerfStringBackup.INI
2017-01-21 17:02 - 2016-07-16 23:51 - 06163300 _____ C:\Windows\System32\perfh007.dat
2017-01-21 17:02 - 2016-07-16 23:51 - 01730912 _____ C:\Windows\System32\perfc007.dat
2017-01-21 16:58 - 2015-10-21 15:43 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Telegram Desktop
2017-01-21 16:47 - 2016-10-03 15:36 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-21 16:28 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-01-21 16:20 - 2016-09-23 11:08 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-01-21 14:21 - 2015-10-24 17:52 - 00000000 ____D C:\Users\Klaus\AppData\Local\JDownloader v2.0
2017-01-21 10:06 - 2016-10-12 14:48 - 00000000 ____D C:\Users\Klaus\Downloads\Telegram Desktop
2017-01-21 00:36 - 2016-09-23 11:11 - 00000000 ____D C:\users\Klaus
2017-01-20 17:55 - 2015-10-18 16:26 - 00000000 ____D C:\Users\Klaus\Desktop\ABLAGE
2017-01-20 17:53 - 2016-12-07 17:06 - 00000000 ___RD C:\Users\Klaus\Documents\Scanned Documents
2017-01-19 23:51 - 2016-10-03 11:37 - 00000000 ____D C:\AdwCleaner
2017-01-19 23:18 - 2016-12-05 07:10 - 00000000 ____D C:\ProgramData\Steam
2017-01-19 23:03 - 2016-05-03 11:08 - 00000000 ____D C:\Users\Klaus\AppData\Local\CrashDumps
2017-01-19 20:21 - 2016-11-12 23:43 - 00001856 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-19 20:21 - 2016-11-04 19:23 - 00002045 _____ C:\Users\Public\Desktop\Medal of Honor.lnk
2017-01-19 20:21 - 2015-11-01 16:35 - 00001266 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2017-01-19 20:21 - 2015-10-24 13:56 - 00001282 _____ C:\Users\Public\Desktop\WinOptimizer.lnk
2017-01-19 20:20 - 2016-11-04 19:04 - 00001099 _____ C:\Users\Klaus\Desktop\Call of Duty.lnk
2017-01-19 20:20 - 2016-07-24 22:48 - 00001970 _____ C:\Users\Klaus\Desktop\UseNeXT.lnk
2017-01-18 12:40 - 2015-11-30 22:54 - 00000000 ____D C:\Windows\Downloaded Installations
2017-01-17 23:58 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\System32\NDF
2017-01-17 08:32 - 2015-11-01 16:35 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Disk Cleaner
2017-01-17 07:34 - 2016-10-03 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 07:27 - 2016-10-03 19:22 - 00000085 _____ C:\Windows\wininit.ini
2017-01-17 00:12 - 2016-09-23 18:06 - 00000000 ____D C:\ProgramData\Ashampoo
2017-01-16 23:12 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Help
2017-01-16 23:12 - 2016-07-09 06:00 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Wise Euask
2017-01-16 23:11 - 2016-02-19 13:22 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Anvsoft
2017-01-16 22:55 - 2016-11-04 19:03 - 00000000 ____D C:\Program Files (x86)\Call of Duty
2017-01-16 22:55 - 2016-09-09 11:48 - 00000000 ____D C:\Program Files (x86)\Digiarty
2017-01-16 22:55 - 2016-03-21 17:13 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-01-14 12:54 - 2016-06-01 21:17 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-01-14 11:37 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\rescache
2017-01-13 07:16 - 2016-01-23 17:17 - 00000000 ____D C:\Users\Klaus\Documents\UseNeXT
2017-01-13 07:16 - 2015-10-24 17:48 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\UseNeXT
2017-01-12 22:21 - 2015-11-26 23:25 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2017-01-12 22:17 - 2016-01-16 00:34 - 00000000 ____D C:\Users\Klaus\Documents\My Games
2017-01-11 21:40 - 2016-09-23 11:11 - 00000000 ____D C:\users\DefaultAppPool
2017-01-11 21:18 - 2015-11-11 07:12 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\dvdcss
2017-01-11 21:06 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-01-11 21:06 - 2016-02-13 18:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\System32\oobe
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-11 21:04 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-11 19:28 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-11 19:22 - 2015-10-19 10:00 - 00000000 ____D C:\Windows\System32\MRT
2017-01-11 19:20 - 2015-10-19 10:00 - 135657872 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-01-07 08:47 - 2015-12-01 21:54 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-07 08:47 - 2015-10-24 13:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-07 00:20 - 2016-09-23 11:24 - 00004074 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-07 00:20 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\System32\Macromed
2017-01-07 00:20 - 2015-10-24 10:11 - 00000000 ____D C:\Users\Klaus\AppData\Local\Adobe
2017-01-06 05:36 - 2015-10-24 09:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-06 05:34 - 2016-12-16 13:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-01-05 11:59 - 2016-03-07 23:45 - 00000000 ____D C:\Users\Klaus\AppData\Local\ElevatedDiagnostics
2017-01-04 07:30 - 2016-04-23 23:34 - 00000000 ____D C:\Program Files (x86)\posterXXL Designer
2016-12-29 18:07 - 2016-12-13 15:18 - 00000000 ____D C:\Windows\Minidump
2016-12-25 06:39 - 2016-08-02 22:52 - 00042286 _____ C:\Windows\System32\nvinfo.pb
2016-12-24 14:56 - 2015-10-24 09:43 - 00000000 ____D C:\Users\Klaus\AppData\Local\VirtualStore
2016-12-23 00:13 - 2016-10-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-10-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Known DLLs (Nicht auf der Ausnahmeliste) =========================


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe
[2017-01-11 17:29] - [2016-12-14 05:24] - 0673792 ____A (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE

C:\Windows\System32\wininit.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0304240 ____A (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70

C:\Windows\explorer.exe
[2016-12-09 11:44] - [2016-11-11 10:56] - 4673304 ____A (Microsoft Corporation) 4E10FB1A015B49AC68F76C1A3F4D9C0F

C:\Windows\SysWOW64\explorer.exe
[2016-12-09 11:45] - [2016-11-11 08:41] - 4311736 ____A (Microsoft Corporation) AF46710DDB8B0E304AA4FD2B940CABD8

C:\Windows\System32\svchost.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0044496 ____A (Microsoft Corporation) 36F670D89040709013F6A460176767EC

C:\Windows\SysWOW64\svchost.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0038792 ____A (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B

C:\Windows\System32\services.exe
[2016-12-09 11:45] - [2016-11-11 10:51] - 0454592 ____A (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31

C:\Windows\System32\User32.dll
[2016-12-15 04:57] - [2016-12-09 11:10] - 1461200 ____A (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26

C:\Windows\SysWOW64\User32.dll
[2016-12-15 05:02] - [2016-12-09 10:52] - 1435896 ____A (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B

C:\Windows\System32\userinit.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0033280 ____A (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69

C:\Windows\SysWOW64\userinit.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0027648 ____A (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B

C:\Windows\System32\rpcss.dll
[2016-07-16 12:42] - [2016-07-16 12:42] - 0888320 ____A (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6

C:\Windows\System32\dnsapi.dll
[2016-09-30 05:28] - [2016-09-15 18:30] - 0646136 ____A (Microsoft Corporation) 96B8A433F6407DE34850927C96C6CE9B

C:\Windows\SysWOW64\dnsapi.dll
[2016-09-30 05:28] - [2016-09-15 18:37] - 0496872 ____A (Microsoft Corporation) 227CFE3EDA82029AAC1C088A16297CD7

C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 12:42] - [2016-07-16 12:42] - 0391520 ____A (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============


==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkt Datum: 2017-01-20 16:16
Wiederherstellungspunkt Datum: 2017-01-20 23:54

==================== Speicherinformationen =========================== 

Prozentuale Nutzung des RAM: 10%
Installierter physikalischer RAM: 8191.3 MB
Verfügbarer physikalischer RAM: 7328.65 MB
Summe virtueller Speicher: 8191.3 MB
Verfügbarer virtueller Speicher: 7378.47 MB

==================== Laufwerke ================================

Drive c: (SYSTEM) (Fixed) (Total:111.35 GB) (Free:42.24 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (PRIVAT) (Fixed) (Total:931.51 GB) (Free:262.9 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6A6D4800)
Partition 1: (Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1E364A96)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

LastRegBack: 2017-01-19 13:04

==================== Ende von FRST.txt ============================

burningice · 21.01.2017, 17:37

Schritt: 1
Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

2017-01-16 22:55 - 2017-01-16 23:17 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-12 19:28 - 2017-01-12 19:28 - 02834619 _____ C:\Windows\32e353b0a289955e4d2d0dbcc5632256.exe
S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ACHTUNG
HKLM\...\RunOnce: [ucdrv_repair] => "C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe" --repair

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Da du dich scheinbar auskennst, die fixlist.txt einfach in den Ordner speichern, aus dem du FRST in der Widerherstellungsumgebung startest.

Schritt: 2
Starte Windows wieder normal.

Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.