Diese Website ist nicht erreichbar

derya84 · 05.07.2017, 15:55

Diese Website ist nicht erreichbar

Die Antwort von www.trojaner-board.de hat zu lange gedauert.
Versuchen Sie Folgendes:
Verbindung prüfen
Proxy und Firewall prüfen
Windows-Netzwerkdiagnose ausführen
ERR_CONNECTION_TIMED_OUT

Ich schildere mal das Problem:
Wenn ich eine Website eingebe, wird mir in letzter Zeit öfters die oben zitierte Nachricht angezeigt, dass diese Webseite ist nicht verfügbar ist. Wenn ich den Button Neu laden klicke, ist die Seite manchmal sofort da. Öfters muss ich aber ein zweites,drittes mal oder mehr neu laden, bis die Seite komplett erscheint. Könnte mir vielleicht jemand helfen? Was fehlt hier? Ich benutze Chrome und Mozilla. Bei beiden ist jeweils das gleiche Problem.
Vielen Dank im Voraus.

M-K-D-B · 05.07.2017, 20:09

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
Außerdem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!
Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.
Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.
Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.
In der Regel antworte ich dir innerhalb von 24 Stunden, oft sogar wesentlich schneller.
Jedoch habe auch ich einen normalen Beruf und Familie. Ich bin daher nicht jeden Tag stundenlag hier im Forum unterwegs. Es kann unter Umständen bis zu 2 Tage dauern, bis du eine Antwort von mir erhältst. Sollte diese Zeit überschritten sein, so kannst du mir gerne eine PM als Erinnerung schicken.

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

derya84 · 06.07.2017, 00:33

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
durchgefÃ¼hrt von Derya (Administrator) auf DERYA (05-07-2017 23:52:51)
Gestartet von C:\Users\Derya\Desktop
Geladene Profile: Derya (VerfÃ¼gbare Profile: Derya)
Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung fÃ¼r Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Internet Security\a2service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Amazon Services LLC) C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurÃ¼ckgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Amazon Music] => C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Spotify Web Helper] => C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-22] (Spotify Ltd)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Dropbox Update] => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Spotify] => C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-22] (Spotify Ltd)
Startup: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurÃ¼ckgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.173.68.21 10.173.68.20
Tcpip\..\Interfaces\{0abe793a-7510-44e9-9f47-33868b7518ab}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3212af34-2967-4860-8e30-371a4082a040}: [DhcpNameServer] 10.173.68.21 10.173.68.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001 -> {CA4998A0-6168-4151-B867-E3DBABBABAF3} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: oseq4a8i.default
FF ProfilePath: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default [2017-07-05]
FF NewTab: Mozilla\Firefox\Profiles\oseq4a8i.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> proxy_over_tls", false
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\@hoxx-vpn.xpi [2017-06-07]
FF Extension: (Avira Browser Safety) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\abs@avira.com.xpi [2017-06-07]
FF Extension: (Dictionary (EN/DE)) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\dictlookup@arnhold.com.xpi [2016-05-13]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\firefox@zenmate.com.xpi [2017-06-01]
FF Extension: (Dictionary Extension) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2016-05-10]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-07-03]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\safesearchplus2@avira.com.xpi [2017-06-09]
FF Extension: (SearchExtensionLight) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{0ea582a1-4188-45af-938d-661cece01940}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: (DivX Plugin Plus) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{24a3289f-c0e0-4937-a759-5d109127afc1}.xpi [2015-12-21] [ist nicht signiert]
FF Extension: (uBlock) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-18]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\google-avast.xml [2015-11-03]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\longman-english-dictionary.xml [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default [2017-07-05]
CHR Extension: (Google PrÃ¤sentationen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (uBlock Origin) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-06-22]
CHR Extension: (Google-Suche) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Productivity Owl) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoagmdboiealblmpaahjlhajggndaahi [2016-07-05]
CHR Extension: (Google Tabellen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Avira Browserschutz) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Instant Translate: universeller Ãœbersetzer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-07-05]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jheadbpkjimjomnnfpeokkffdfjocekd [2016-02-14]
CHR Extension: (Google Scholar-SchaltflÃ¤che) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2016-05-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Self Control) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncaaipdfhdijmfdfmeoagmogddhkfdec [2017-05-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaioomolanclklopkbfkhbmjeddbgdbj [2016-02-14]
CHR Extension: (PDF Viewer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2016-11-02]
CHR Extension: (Citavi Picker) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2017-03-05]
CHR Extension: (Google Mail) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Internet Security\a2service.exe [10768560 2015-11-23] (Emsisoft Ltd)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert]
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-07-14] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-24] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 epp; C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R1 FWNDIS_LWF; C:\WINDOWS\system32\DRIVERS\fwndislwf64.sys [312064 2015-11-11] ()
R1 fwwfp; C:\Program Files\Emsisoft Internet Security\fwwfp764.sys [564896 2015-12-08] ()
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-07-03] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-05 23:52 - 2017-07-05 23:54 - 00025831 _____ C:\Users\Derya\Desktop\FRST.txt
2017-07-05 23:52 - 2017-07-05 23:52 - 00000000 ____D C:\FRST
2017-07-05 23:47 - 2017-07-05 23:48 - 02436608 _____ (Farbar) C:\Users\Derya\Desktop\FRST64.exe
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-27 22:24 - 2017-06-27 22:24 - 00001211 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-14 21:28 - 2017-06-14 21:26 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-06-14 18:03 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 18:03 - 2017-06-03 12:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 18:03 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 12:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 18:03 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 18:03 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 18:03 - 2017-06-03 11:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 18:03 - 2017-06-03 11:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 18:03 - 2017-06-03 11:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 11:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 11:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 18:03 - 2017-06-03 11:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 18:03 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 18:03 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 18:03 - 2017-06-03 11:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 18:03 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 18:03 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 18:03 - 2017-06-03 11:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 18:03 - 2017-06-03 11:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 18:03 - 2017-06-03 10:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 18:03 - 2017-06-03 10:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 10:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 18:03 - 2017-06-03 10:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 18:02 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 18:02 - 2017-06-03 12:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 18:02 - 2017-06-03 12:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 18:02 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 18:02 - 2017-06-03 12:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 18:02 - 2017-06-03 12:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 18:02 - 2017-06-03 12:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 18:02 - 2017-06-03 11:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 18:02 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 18:02 - 2017-06-03 11:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 18:02 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 18:02 - 2017-06-03 11:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 18:02 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 18:02 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 18:02 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 18:02 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 18:02 - 2017-06-03 10:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-12 14:21 - 2017-06-12 14:21 - 02895643 _____ C:\Users\Derya\Downloads\Sensitive_byStudex_Collection_EN.pdf
2017-06-11 14:18 - 2017-06-11 14:18 - 10096308 _____ C:\Users\Derya\Downloads\9783423143356.zip

==================== Ein Monat: GeÃ¤nderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-05 23:50 - 2015-11-16 14:14 - 00000000 ____D C:\Program Files\Emsisoft Internet Security
2017-07-05 20:40 - 2017-06-04 13:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-05 17:42 - 2015-09-01 20:56 - 00000000 ____D C:\Users\Derya\Documents\Neuer Ordner
2017-07-05 15:42 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-05 15:36 - 2015-11-05 20:45 - 00000074 _____ C:\Users\Derya\AppData\Roaming\sp_data.sys
2017-07-05 15:34 - 2017-06-04 13:36 - 00000000 ____D C:\Users\Derya
2017-07-05 15:34 - 2017-04-14 09:58 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-07-05 15:34 - 2015-09-01 14:04 - 00000000 __SHD C:\Users\Derya\IntelGraphicsProfiles
2017-07-05 06:43 - 2016-11-29 01:23 - 00000000 ____D C:\Users\Derya\AppData\LocalLow\Mozilla
2017-07-05 05:02 - 2017-06-04 13:58 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9E6F6878-ACFE-4895-8063-AA9240D6E13D}
2017-07-04 14:48 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-04 03:30 - 2015-06-08 12:38 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Spotify
2017-07-04 02:17 - 2015-06-08 12:39 - 00000000 ____D C:\Users\Derya\AppData\Local\Spotify
2017-07-03 00:23 - 2015-11-03 19:44 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-03 00:20 - 2017-06-04 13:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-03 00:20 - 2014-12-18 00:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-02 19:36 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-01 17:00 - 2016-11-29 01:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-27 22:35 - 2014-11-18 21:50 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Dropbox
2017-06-27 22:24 - 2015-12-18 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-27 22:24 - 2015-10-30 14:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-26 19:40 - 2015-11-07 00:17 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 19:40 - 2015-11-07 00:17 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-22 00:00 - 2017-06-04 14:21 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 00:00 - 2015-09-01 14:11 - 00002426 _____ C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 00:00 - 2014-10-29 12:33 - 00000000 __RDO C:\Users\Derya\OneDrive
2017-06-19 16:19 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 11:52 - 2014-10-13 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 11:47 - 2017-06-04 13:56 - 01851652 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 11:47 - 2017-03-20 06:35 - 00802486 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-15 11:47 - 2017-03-20 06:35 - 00162784 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-15 11:40 - 2017-06-04 13:32 - 00305296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 21:33 - 2017-03-18 13:40 - 03145728 _____ C:\WINDOWS\system32\config\BBI
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 21:26 - 2016-10-06 19:26 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-06-14 21:26 - 2015-12-18 10:57 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-06-14 21:26 - 2015-12-18 10:57 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-06-14 18:21 - 2014-10-19 21:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 18:14 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 18:14 - 2014-10-19 21:22 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 18:08 - 2014-10-24 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 21:47 - 2015-06-16 21:49 - 00000000 ____D C:\Users\Derya\AppData\Local\Dropbox
2017-06-13 18:32 - 2017-06-04 13:58 - 00004428 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-12 11:59 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-05 11:04 - 2016-09-05 11:31 - 00000000 ____D C:\Users\Derya\AppData\Local\ConnectedDevicesPlatform
2017-06-05 03:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-05 20:45 - 2017-07-05 15:36 - 0000074 _____ () C:\Users\Derya\AppData\Roaming\sp_data.sys
2016-07-21 13:19 - 2016-07-21 13:19 - 0013310 _____ () C:\Users\Derya\AppData\Local\recently-used.xbel
2017-06-04 13:35 - 2017-06-04 13:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-09 22:09 - 2016-11-11 18:52 - 0066192 _____ () C:\ProgramData\dudenbib.wav
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix fÃ¼r Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-07-02 17:08

==================== Ende von FRST.txt ============================

Code:

ATTFilter

ZusÃ¤tzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-07-2017
durchgefÃ¼hrt von Derya (05-07-2017 23:55:40)
Gestartet von C:\Users\Derya\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-04 12:12:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2045481624-1955495486-2742246077-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2045481624-1955495486-2742246077-503 - Limited - Disabled)
Derya (S-1-5-21-2045481624-1955495486-2742246077-1001 - Administrator - Enabled) => C:\Users\Derya
Gast (S-1-5-21-2045481624-1955495486-2742246077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2045481624-1955495486-2742246077-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Internet Security (Disabled - Out of date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Emsisoft Internet Security (Disabled - Out of date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Emsisoft Internet Security (Disabled) {177F60DC-CF64-1D22-2509-421BF4ED67B2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" kÃ¶nnen in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
Anki (HKLM-x32\...\Anki) (Version:  - )
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{271D5399-34AF-4611-BCD9-B09185B2BBE0}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Azteca (HKLM-x32\...\WTA-874d1d57-0527-4e80-adaa-bce83e1a070b) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-cf23f5a3-be59-42a3-91d4-7147cb84c427) (Version: 2.2.0.97 - WildTangent) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
Cut the Rope (HKLM-x32\...\WTA-f9eaaca9-82be-44ea-8a23-da50b5803b42) (Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Emsisoft Internet Security (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM-x32\...\{BA49C568-7380-494F-9D15-EC2CE7F142C4}) (Version: 6.0.1 - Langenscheidt)
LDOCE5 Viewer 2013.03.24 (HKLM-x32\...\{69AF89EB-727E-4F9E-ADCA-87102CBAC142}_is1) (Version: 2013.03.24 - hakidame.net)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LibreOffice 5.2.6.2 (HKLM-x32\...\{443795BA-BBA0-46CF-A07F-DB5B461785F7}) (Version: 5.2.6.2 - The Document Foundation)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Longman Dictionary of Contemporary English 5th Edition (HKLM-x32\...\NSIS_ldoce5) (Version:  - )
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.8 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version:  - )
Paragon Software PONS 7 (HKLM-x32\...\Paragon Software PONS 7) (Version:  - )
Peggle (HKLM-x32\...\WTA-4ac01422-47f4-450d-be29-dd2c93505f68) (Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-0eda17f7-fdf1-44cd-87c0-caf591ca3a2e) (Version: 2.2.0.98 - WildTangent) Hidden
PROMT Personal 9.0 EGGE (HKLM-x32\...\{E0FF8A03-2606-46CC-964E-4583BBA10DB9}) (Version: 9.0.00020 - PROMT Ltd.)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version:  - IDM)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skypeâ„¢ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Tales of Lagoona (HKLM-x32\...\WTA-d927468d-46de-4206-b527-35d00680ffb7) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vokabeltrainer-Update 6.0.141 (HKLM-x32\...\{C90B2DAE-C958-4DC8-9B26-CFEA485A3E1B}) (Version: 6.0.141 - Langenscheidt)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.5 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
Write or Die 2.1.7 (HKLM-x32\...\{EC5AF270-5A63-4230-A90D-921235AE711F}_is1) (Version:  - Write or Die LLC)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers01: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-06-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers02: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> Keine Datei
ContextMenuHandlers02: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers03: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers03: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> Keine Datei
ContextMenuHandlers03: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers04: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> Keine Datei
ContextMenuHandlers06: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers06: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers06: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-06-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {060E1437-945D-4FE4-83EA-FB49460F512D} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {253A9F58-5A67-4B0E-85B8-13A8C526CFFF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {29950DB4-7643-447B-8979-9D5246966111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4488AEBB-EE58-483E-AA1E-F33C536DA402} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {4AAFCB02-F4D4-4FEA-BD50-9CA191C483DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {4C478B3A-0E5A-4100-8CB8-F826DF62F049} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {53B75930-DE86-4DD6-8766-D079A2BFEF37} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {5DDB61B9-7E88-40AA-BD92-8591D97C5AA0} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {5FFD3882-F615-49DD-A497-CA3F6FAC3EDF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64D8FD42-BEE8-41FA-A988-D14259726C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {69FAFFDD-52F7-4F1F-BC99-2BF53056D08A} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {70BA45BF-2CC3-4ECD-AED8-9268E7D7C99F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {753704DA-8CCD-4CEF-8867-424E9FCDBB49} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {789344E1-0DA7-431B-A6D5-7D2D0F240E33} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {7E1F25DB-2E60-415D-8960-4735756F85AC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8727F5F9-E35C-4A6F-97D0-C821FF03038E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8D82E38A-A7D3-481E-AB01-7A342A1D067D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8DB462E1-E7F8-482C-BC9F-468AAA86565D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8DD622C6-2C0C-4CD8-9C3E-62D1917BC8B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9250C7D3-39A8-4A07-BE57-C1C313159C82} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {9B1740F5-C217-4705-BD67-724DDF755186} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B13A1E02-4508-4B78-958B-BF96BF8FF898} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {CD116C33-CF19-48C7-8B24-F93219DAC374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {DB912004-E006-4CE3-8DD2-BFB5075C5910} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {DF5965BD-A1CF-435F-B9E1-107CF5952516} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {E5BB5305-6E29-4177-AF79-9D8E36016A13} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {EDE6626D-7B4F-46E3-B2B5-D41DBF4D84FB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {F269495B-D870-4AED-881A-039B5EC1614E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2045481624-1955495486-2742246077-1001Core1d249eaab9ca3df.job => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== VerknÃ¼pfungen & WMI ========================

(Die EintrÃ¤ge kÃ¶nnen gelistet werden, um sie zurÃ¼ckzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-12-21 05:29 - 2017-04-19 00:21 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-08-29 17:01 - 2013-08-29 17:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2017-03-18 22:59 - 2017-03-20 06:36 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-04 14:50 - 2017-06-04 14:50 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-04-22 19:27 - 2017-04-22 19:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-04-22 19:27 - 2017-04-22 19:27 - 15069696 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2017-03-29 12:33 - 2017-03-29 12:34 - 04123032 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-03 21:23 - 2016-03-03 21:24 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-23 11:31 - 2017-06-23 11:32 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-23 11:31 - 2017-06-23 11:32 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-06-17 10:51 - 2017-06-17 10:53 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-17 10:51 - 2017-06-17 10:53 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-04 14:50 - 2017-06-04 14:50 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 12:49 - 2016-06-03 12:51 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 17:24 - 2017-05-09 17:27 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-03 21:23 - 2016-03-03 21:24 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-06-10 03:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-08 21:41 - 2013-10-08 21:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 19:23 - 2013-09-09 19:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-11-06 03:23 - 2017-06-22 16:42 - 00189040 _____ () C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWinRT.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== VerknÃ¼pfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurÃ¼ckgesetzt oder entfernt.)


==================== Internet Explorer VertrauenswÃ¼rdig/EingeschrÃ¤nkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benÃ¶tigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurÃ¼ckzusetzen.)

2013-08-22 15:25 - 2015-11-08 14:04 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix fÃ¼r diesen Bereich.)

HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Derya\Pictures\wolf.jpg
DNS Servers: 10.173.68.21 - 10.173.68.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte EintrÃ¤ge ==

HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{257D6F79-E949-45F1-ACE7-0D5ACA0214F4}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{141964D7-98B6-49D7-AB96-0F1B3F31C138}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{AE6A6C6A-4322-4DCD-BC14-E28A9ED39374}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF816965-7A7B-4C28-85C0-A55B0DCEAD82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{E798088E-3ACB-44CD-837E-BD928DB342E8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{4D409AEF-94F7-47E3-AB08-9687526DE941}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{57C7C09A-7346-4AC7-9027-A3DAB343FE0B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{836BF7B0-5DDF-4D27-B68B-D66B5D413867}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7BD86B0E-D061-44E1-8F1C-1074DD5701F7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{508FE17C-E133-40FE-8639-5974B8448C4E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FA6213C5-9C4C-4DED-9260-23B94CE919B8}] => (Allow) C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A497A879-5BF2-4C91-9F36-4D69DC8F2881}] => (Allow) C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{46F933D7-0BD6-4060-8997-A487F30AC4B4}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2F0FE9AA-4DFD-4D99-AF3B-2AE5A632447C}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3E0D46C8-C693-4C22-884F-D00D8E0E835C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F7B505C5-5023-4A53-A32F-E17150DF0619}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{FD90B076-5698-4B9E-A399-35D4FB4FFC57}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{76B0E31B-3A34-41EF-B6FC-0C26E0FDE697}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AE9E2725-B0FE-44AD-9DD0-05E71C0BB461}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{25E6452C-8EE3-4A35-9105-570D7F6DD3AC}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B08D7D50-5CCE-48E9-AA5F-6F64EA9EEF94}C:\program files (x86)\write or die 2\writeordie2.exe] => (Allow) C:\program files (x86)\write or die 2\writeordie2.exe
FirewallRules: [UDP Query User{6F1840A7-8444-443C-BDF8-3A6B7EEC6168}C:\program files (x86)\write or die 2\writeordie2.exe] => (Allow) C:\program files (x86)\write or die 2\writeordie2.exe
FirewallRules: [{7E12D159-18AE-4782-B928-A19555B32474}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

12-06-2017 18:48:41 Geplanter PrÃ¼fpunkt
21-06-2017 14:25:12 Geplanter PrÃ¼fpunkt
30-06-2017 16:08:28 Geplanter PrÃ¼fpunkt

==================== Fehlerhafte GerÃ¤te im GerÃ¤temanager =============


==================== FehlereintrÃ¤ge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/05/2017 11:41:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 11:13:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 10:40:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 10:10:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 09:44:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 09:21:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 08:45:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 08:23:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 07:45:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.

Error: (07/05/2017 07:10:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App â€žMicrosoft.BingWeather_8wekyb3d8bbwe!Appâ€œ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll â€žMicrosoft-Windows-TWinUI/Betriebsbereitâ€œ.


Systemfehler:
=============
Error: (07/05/2017 03:37:43 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÃ„T)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/05/2017 05:01:54 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÃ„T)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/04/2017 08:48:45 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÃ„T)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/04/2017 02:46:21 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÃ„T)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/03/2017 09:58:59 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÃ„T)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/03/2017 03:44:57 PM) (Source: DCOM) (EventID: 10010) (User: DERYA)
Description: Der Server "Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/03/2017 01:30:46 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÃ„T)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/03/2017 12:25:12 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÃ„T)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/03/2017 12:24:40 AM) (Source: DCOM) (EventID: 10010) (User: DERYA)
Description: Der Server "Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/03/2017 12:22:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 64%
Installierter physikalischer RAM: 3981.68 MB
VerfÃ¼gbarer physikalischer RAM: 1428.48 MB
Summe virtueller Speicher: 6224.42 MB
VerfÃ¼gbarer virtueller Speicher: 2339.22 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:371.76 GB) (Free:271.81 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: () (Fixed) (Total:537.8 GB) (Free:536.83 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0FE4DC0A)

Partition: GPT.

==================== Ende von Addition.txt ============================

Hallo Matthias. Vielen Dank für deine Hilfe. Aber ich werde bald verrückt, denn ich versuche schon ca. einer Stunde die Logdateien zu posten. Die Logdatei von FRST habe ich geschafft. Aber von TDSSKiller schaffe ich nicht. Jedesmal wenn ich hier poste, kriege ich diese Meldung:" Der Text, den Sie eingegeben haben, besteht aus 139860 Zeichen und ist damit zu lang. Bitte die Logs auf mehrere Beiträge aufspalten mit maximaler Länge von 120000 Zeichen." Es ist wohl zu lang. Nach der Anleitung poste ich in CodeTags aber es funktioniert einfach nicht. Das Ergebnis bei der Analyse mit TDSSKiller steht: No threats found. Ich drücke dann auf Report und versuche es zu schicken aber wohl zu lang. ? Was mache ich nun?

derya84 · 06.07.2017, 13:29

Code:

ATTFilter

00:09:55.0707 0x2678  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
00:09:55.0723 0x2678  UEFI system
00:10:05.0641 0x2678  ============================================================
00:10:05.0641 0x2678  Current date / time: 2017/07/06 00:10:05.0641
00:10:05.0641 0x2678  SystemInfo:
00:10:05.0641 0x2678  
00:10:05.0641 0x2678  OS Version: 10.0.15063 ServicePack: 0.0
00:10:05.0641 0x2678  Product type: Workstation
00:10:05.0641 0x2678  ComputerName: DERYA
00:10:05.0641 0x2678  UserName: Derya
00:10:05.0641 0x2678  Windows directory: C:\WINDOWS
00:10:05.0641 0x2678  System windows directory: C:\WINDOWS
00:10:05.0641 0x2678  Running under WOW64
00:10:05.0641 0x2678  Processor architecture: Intel x64
00:10:05.0641 0x2678  Number of processors: 4
00:10:05.0641 0x2678  Page size: 0x1000
00:10:05.0641 0x2678  Boot type: Normal boot
00:10:05.0641 0x2678  CodeIntegrityOptions = 0x00000001
00:10:05.0641 0x2678  ============================================================
00:10:05.0954 0x2678  KLMD registered as C:\WINDOWS\system32\drivers\18966184.sys
00:10:05.0954 0x2678  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19
00:10:06.0172 0x2678  System UUID: {FF141102-697A-B5CC-0B91-18F1CB40B8B1}
00:10:07.0032 0x2678  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:10:07.0064 0x2678  ============================================================
00:10:07.0064 0x2678  \Device\Harddisk0\DR0:
00:10:07.0079 0x2678  GPT partitions:
00:10:07.0079 0x2678  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {EE46D80F-652E-45DA-AA27-163D89DABF7D}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
00:10:07.0079 0x2678  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0C01494D-ADF2-4E9F-A40F-43B471A8405B}, Name: Basic data partition, StartLBA 0x32800, BlocksNum 0x1C2000
00:10:07.0079 0x2678  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {53646C7B-DC54-4C16-9BD4-195AD5EFF3CB}, Name: Microsoft reserved partition, StartLBA 0x1F4800, BlocksNum 0x40000
00:10:07.0079 0x2678  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BD9ADE34-4A2A-44BE-A072-74B08EE1E4F5}, Name: Basic data partition, StartLBA 0x234800, BlocksNum 0x2E7879C1
00:10:07.0079 0x2678  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C38400CA-7640-4358-A377-B3B6E7B25BA4}, Name: , StartLBA 0x2E9BC800, BlocksNum 0x1AD800
00:10:07.0079 0x2678  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FDD28438-2479-4B9D-80EE-06A5FAF4823D}, Name: Basic data partition, StartLBA 0x2EB6A000, BlocksNum 0x43397800
00:10:07.0079 0x2678  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4440628D-75EC-441A-9232-AA7D96FF2C7E}, Name: Basic data partition, StartLBA 0x71F01800, BlocksNum 0x2805000
00:10:07.0079 0x2678  MBR partitions:
00:10:07.0079 0x2678  ============================================================
00:10:07.0095 0x2678  C: <-> \Device\Harddisk0\DR0\Partition4
00:10:07.0126 0x2678  D: <-> \Device\Harddisk0\DR0\Partition6
00:10:07.0126 0x2678  ============================================================
00:10:07.0126 0x2678  Initialize success
00:10:07.0126 0x2678  ============================================================
00:10:44.0601 0x10e8  ============================================================
00:10:44.0601 0x10e8  Scan started
00:10:44.0601 0x10e8  Mode: Manual; SigCheck; TDLFS; 
00:10:44.0601 0x10e8  ============================================================
00:10:44.0601 0x10e8  KSN ping started
00:11:07.0762 0x10e8  KSN ping finished: true
00:11:12.0476 0x10e8  ================ Scan system memory ========================
00:11:12.0476 0x10e8  System memory - ok
00:11:12.0476 0x10e8  ================ Scan services =============================
00:11:12.0695 0x10e8  [ AAB860A5E606B9621E130D8C29D3F305, 93466620433B27F3BCFECDA26DD420AD1E5219034BA3B4E930EDED6D6728AE5C ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
00:11:12.0805 0x10e8  1394ohci - ok
00:11:12.0836 0x10e8  [ 4140B14929C555E9513D59A2EEB5C471, 39A8400B3AA7FB1D8EBE87E65F89881AB23B6AE911BECAEC1FD86C7DADD4F1AA ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
00:11:12.0851 0x10e8  3ware - ok
00:11:13.0289 0x10e8  [ B9C1F601491926464C238B1FE538FCF1, 497D3CC6D7629A4F92047FD9BA38884F7DAA7EB46EDD30789F7D54802E9F2FB1 ] a2AntiMalware   C:\Program Files\Emsisoft Internet Security\a2service.exe
00:11:13.0789 0x10e8  a2AntiMalware - ok
00:11:13.0852 0x10e8  [ D3DB4E3C096EFF74FB6E73E37CB66DD7, 451BE72D50D2316690910B86ACA1EBB5C0F3FE688BAB806EC94BCCB6F3798A0A ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
00:11:13.0898 0x10e8  ACPI - ok
00:11:13.0914 0x10e8  [ 3E5E5DAE5CAEC0209C93D3AD8128D8A0, 5CFA4D715AE8D928EA11F213C5A7B0B1C1705D2A8FF041E0A1988E645E669C54 ] AcpiDev         C:\WINDOWS\System32\drivers\AcpiDev.sys
00:11:13.0930 0x10e8  AcpiDev - ok
00:11:13.0977 0x10e8  [ F72D7CC7E7A97A09757313F3B4C7E17A, 36E3363380C51A2DB58D3177655A0A75DAA977C00C5A9C60A189068C0AFDC643 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
00:11:14.0008 0x10e8  acpiex - ok
00:11:14.0023 0x10e8  [ F04B6F53FBDB2B6B0451AE53DE19F0C9, 41A8C314A46867BAA45CD9666AAF734AD45B74E2033A8E66D93E17CDDAD66578 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
00:11:14.0055 0x10e8  acpipagr - ok
00:11:14.0070 0x10e8  [ C347A6095F3BE417D24F1E1349F4AF0F, 72C9D759BB132985AF55860658DC01F08590A2BD7E976FCF25E1314C5AA1D37B ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
00:11:14.0102 0x10e8  AcpiPmi - ok
00:11:14.0117 0x10e8  [ 686BFFC47454DD2F58795C2EE891CA9F, 6CC4B6679914742D700A8373DED2DD9A821CA5284D4D73493BA0855DB8E6520A ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
00:11:14.0133 0x10e8  acpitime - ok
00:11:14.0227 0x10e8  [ 8D6BA8E7676038A27FD4ECF12CC744B0, F5D59B764DCB4A06A51939533DC7B2391FD68E3979C48939C023A60DCE0D2101 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:11:14.0258 0x10e8  AdobeARMservice - ok
00:11:14.0367 0x10e8  [ 7DE8B8AC559E16AEB388E7D098E7C288, 37F24B6182E3DE39BDE568304E5ED97CDE9CB45B6BF5C7A4096A09138C1D0B89 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:11:14.0398 0x10e8  AdobeFlashPlayerUpdateSvc - ok
00:11:14.0461 0x10e8  [ FBDA59118E59B3722248C66BAD89CAA9, 11AB83499757E3143834348DE39E85D56EC853071C96337C3ADD8A1E374C6CBC ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
00:11:14.0523 0x10e8  ADP80XX - ok
00:11:14.0555 0x10e8  [ AC1928C2F7505BD556C552F153B062AB, B48EA30F76DEA57868CA74CC775DD60257021A3DE10CE101B8BEFA1CE9D22CF4 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
00:11:14.0586 0x10e8  AFD - ok
00:11:14.0617 0x10e8  [ 1D914C996F2C3134E2344BB74F79BCF6, D27AF01BA29784555AF7D2E89A3A65E81D6AFE1D3C7E8F9367F06D9DF5F88069 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
00:11:14.0648 0x10e8  ahcache - ok
00:11:14.0680 0x10e8  [ 16F6F6B7903B913AB41AB848C8BB5658, 7304257048CB42E5274B3F6400F4A053A38E3B70A157662FE9D2B7C5979DE851 ] AiCharger       C:\WINDOWS\system32\DRIVERS\AiCharger.sys
00:11:14.0680 0x10e8  AiCharger - ok
00:11:14.0711 0x10e8  [ 41856B40EE15F96DEC8755AB01FA3CF7, 33C3C899AF9CA15BE5A4CF097FF43DF3F0DBA0E48B6F1E28AE3E76AD76A1C361 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
00:11:14.0742 0x10e8  AJRouter - ok
00:11:14.0773 0x10e8  [ F485CA5559DB37A4882467A4F7D58BEA, A1C648EFE12A5A3356BC0949372ADD0FF0CA2F5A8F992EB71C87E9C0D5C92BB2 ] ALG             C:\WINDOWS\System32\alg.exe
00:11:14.0789 0x10e8  ALG - ok
00:11:14.0820 0x10e8  [ 9C39FBA94FFEF04561D13ED0D1B50DD0, 53FA118DEF37F0BA6030B9CB4C17019E6B5934941514756D66143B7BB66D7CA1 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
00:11:14.0852 0x10e8  AmdK8 - ok
00:11:14.0883 0x10e8  [ 395D56FA2E22A10AE4774440D086F559, 24D7CBE9B82DC8900D9A5E345347FEC330D47FDBD1517A2AC10218BA2A9DFAA9 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
00:11:14.0898 0x10e8  AmdPPM - ok
00:11:14.0914 0x10e8  [ EB729A9ADCB9F9C406B533F95E2F67D4, EDCB8E39C503FF30ECB82F368242179E2788C12B4FD9B557F38380A934E7D8E7 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
00:11:14.0945 0x10e8  amdsata - ok
00:11:14.0977 0x10e8  [ 3B5C5C696F33FE61F1922533B03B9316, C9BAAA9B02547C66A276A31958DFD2A289C5963A4EE3FF306535565240D816CC ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
00:11:14.0992 0x10e8  amdsbs - ok
00:11:15.0023 0x10e8  [ A7D45A303FF8A9493C96C4B804051E6E, 6074C264876A398039D3F89905A486ABA5BDACA038B79920A34323B38CFCB358 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
00:11:15.0039 0x10e8  amdxata - ok
00:11:15.0148 0x10e8  [ 2C5A37BC42D91CD54FEAFCC51D3E4924, FDF678E91D1FAF789A2E0C8315D65D4BAF7997705D66D0450EFF81631BD79F59 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
00:11:15.0195 0x10e8  AntiVirMailService - ok
00:11:15.0242 0x10e8  [ 1CE285653AD840CBC168957C5ACA6DDE, DBF70B3AFBF5287332B27534E94F2917E3960B74ADBEED938AFD16B87065A2A9 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
00:11:15.0273 0x10e8  AntiVirSchedulerService - ok
00:11:15.0305 0x10e8  [ 1CE285653AD840CBC168957C5ACA6DDE, DBF70B3AFBF5287332B27534E94F2917E3960B74ADBEED938AFD16B87065A2A9 ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
00:11:15.0336 0x10e8  AntiVirService - ok
00:11:15.0414 0x10e8  [ B1DEA30E906DC1A90AA9D89FBF3FE490, B37AA43BA8B3C91A657C94D9621C40818BAAFF6C2445D66C4C225E9DB657C2A3 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
00:11:15.0477 0x10e8  AntiVirWebService - ok
00:11:15.0492 0x10e8  [ 5180537517C27375B1F2CB37ED599FAF, 121BF0E3BDE068CC1E1E9B24DC334BA29348725E9BFB790699E4CC66664A4C3D ] AppID           C:\WINDOWS\system32\drivers\appid.sys
00:11:15.0523 0x10e8  AppID - ok
00:11:15.0539 0x10e8  [ F7FEBF66A705F18DC063DFD259F15102, 394DA8A7355573C4D81C375450DF5C5B2FA6360E246B06FDE8E7F9ADF21360FA ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
00:11:15.0570 0x10e8  AppIDSvc - ok
00:11:15.0602 0x10e8  [ 13D7FEA71091D1EAD8ADDD10BFFEA06D, A707CAC76CBF0334E2FCE3220147B382F5E44DEF9E23DD459CF7C40F27771695 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
00:11:15.0617 0x10e8  Appinfo - ok
00:11:15.0633 0x10e8  [ EAF36A714E16A69B8B4ED7591CBA77B6, 11FE2A5D991FB8AF78F4E78FB6DF02005EC5404DC298FE2D4E7774BB0011AB52 ] applockerfltr   C:\WINDOWS\system32\drivers\applockerfltr.sys
00:11:15.0680 0x10e8  applockerfltr - ok
00:11:15.0727 0x10e8  [ 1C8DA5C681B603BBC893D50C5D643504, D38EDDB67C993498761978D5DC3DB648E20CB2CA16BA66A8629B16EAA04519EA ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
00:11:15.0773 0x10e8  AppReadiness - ok
00:11:15.0914 0x10e8  [ CC2D94671F2185383AEAEAD8784784CD, 98453192A1203B768F59EEF48EDE9CF0F45BF259F3771B254920E1FC0A8BAF06 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
00:11:16.0102 0x10e8  AppXSvc - ok
00:11:16.0117 0x10e8  [ 6E456A94B9BD7F6B4758729BCEDE40C3, 2F3146AC960992FA947A8E8C4D5497624A5BC69B7A3EECA117AD599C70DDE8E3 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
00:11:16.0149 0x10e8  arcsas - ok
00:11:16.0227 0x10e8  [ 28C27484043BDE86B91D1428673B7D2A, 137CDC07F269BEDD5767921CC9D98F13294BEAA2B18C7C3696F106D31835DAB3 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
00:11:16.0258 0x10e8  ASLDRService - ok
00:11:16.0258 0x10e8  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
00:11:16.0274 0x10e8  ASMMAP64 - ok
00:11:16.0352 0x10e8  [ 6A122B4F0E5293CACFA8A5F2CBA9B356, 9D69076B697BEE8742E32EBEF1802D829DEA6B1D93AF485D11CC89A08CA4D809 ] ASUS InstantOn  C:\Program Files\ASUS\P4G\InsOnSrv.exe
00:11:16.0383 0x10e8  ASUS InstantOn - ok
00:11:16.0414 0x10e8  [ AAE374280DDC307061A43ED9FAD1AD57, BFBE60D67B4283868D148C38502689FFE52CC7F13F4294E21F47B37D14FB5821 ] Asus WebStorage Windows Service C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
00:11:16.0445 0x10e8  Asus WebStorage Windows Service - detected UnsignedFile.Multi.Generic ( 1 )
00:11:17.0680 0x10e8  Detect skipped due to KSN trusted
00:11:17.0680 0x10e8  Asus WebStorage Windows Service - ok
00:11:17.0727 0x10e8  [ 645768721834630DB0666D11C5ED2914, BA12E415226072D44A24ACCB4174411E5A3462EB6C322EC6A9F9A3B52F386B01 ] AsusTP          C:\WINDOWS\System32\drivers\AsusTP.sys
00:11:17.0758 0x10e8  AsusTP - ok
00:11:17.0774 0x10e8  [ 766F3A7E42AFCF74265FAC78987D1665, 8FE82913DF5CF79B49B28B3CD782AF09FF30585A37473AE3E518A26C5D6453D0 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
00:11:17.0805 0x10e8  AsyncMac - ok
00:11:17.0836 0x10e8  [ 01733BEEE02E51F712330D5909BD701C, A583B482DBE701A752EDFDEAE2EF16D7160DFEA6077E0C8EF013828E285D960A ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
00:11:17.0867 0x10e8  atapi - ok
00:11:17.0883 0x10e8  [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
00:11:17.0899 0x10e8  ATKGFNEXSrv - ok
00:11:17.0945 0x10e8  [ C435191FAD19B43E5C3082E4275DCE75, 12D8AF471CA89FE59790092EF3274D638B4B978F1F061423F8D70F270121CF7A ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
00:11:17.0945 0x10e8  ATKWMIACPIIO - ok
00:11:17.0992 0x10e8  [ 5F9C86F133D50EC14BC247B1408EB339, D5C9DC375B91774E580C128677F36C4A4949FC70C7EE82F573EFC8841C084D18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
00:11:18.0055 0x10e8  AudioEndpointBuilder - ok
00:11:18.0117 0x10e8  [ 18DD15CD20F3AFB8A056B6250CDD4ABE, B17DDF9C79EE51CBF274BB8763935F841CC865168A8C27512290946D053EC332 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
00:11:18.0211 0x10e8  Audiosrv - ok
00:11:18.0227 0x10e8  [ 4621EA3385170B087A03F3C90E276B4A, 1513802CF844B1B7A70C820AEF732EDA432D44CD8726560D95F05EB5CA556CD7 ] avdevprot       C:\WINDOWS\system32\DRIVERS\avdevprot.sys
00:11:18.0242 0x10e8  avdevprot - ok
00:11:18.0274 0x10e8  [ 0C6D49FFD4B70F95E24EF5311ED57A28, AB58DC263E3B5DE2E5E76DCBE8061D9B6736B411C2D572E56AD68BB326818FAF ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
00:11:18.0289 0x10e8  avgntflt - ok
00:11:18.0305 0x10e8  [ DAA6BD143D3AC4274791018FFAD5543A, 2D85818C52FF768579528A81DEB8D106421D986B28837B301F53B600E382E6CF ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
00:11:18.0320 0x10e8  avipbb - ok
00:11:18.0367 0x10e8  [ 0BEA4FBBB8AE477B437A8077C48AE5D0, 5B1ABDB03E2B0B99D16E95CDD61802C9D89A98718CF59E783DA1B77EF305C8C5 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
00:11:18.0383 0x10e8  Avira.ServiceHost - ok
00:11:18.0414 0x10e8  [ 2CBA09A7983B1D39531B768BCED08C20, B40968DFE1A648CCB9260033E1EA57B5D496274A335B000354156B0DB740EDE0 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
00:11:18.0430 0x10e8  avkmgr - ok
00:11:18.0461 0x10e8  [ 8D18C6406FF8DC39028177E1E5675182, 44985DEE74F235567FB849350256F342BCE26EF66439D761FA3F6EDA22882092 ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
00:11:18.0461 0x10e8  avnetflt - ok
00:11:18.0492 0x10e8  [ 6086B5EE0DA4600B2EC2725D82DEB74E, C67CA7021D710CFDCF62B17A2B2890E61E4F1E3D956312688454FD85738C303F ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
00:11:18.0524 0x10e8  AxInstSV - ok
00:11:18.0555 0x10e8  [ 0914A5E66C0775CE11960452A6434FEC, 978C1E20023841FBFEF0CEAFE09EDB679612C8E5986C6E40C1F6D0835112D13E ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
00:11:18.0586 0x10e8  b06bdrv - ok
00:11:18.0617 0x10e8  [ F8129321B1874D4386F7FEB754BC3380, 7264E7E2A339E456C0A1A40FDFAE0D202905467400B93FA0700498B86172337F ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
00:11:18.0649 0x10e8  BasicDisplay - ok
00:11:18.0664 0x10e8  [ E2BFD01BD0ECF2BDE9420022147952A4, 7798211996143067787881A1362D07B95CF688E96192E3627D30347C719D40CB ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
00:11:18.0695 0x10e8  BasicRender - ok
00:11:18.0727 0x10e8  [ 739D089777D2B66DBE7201E5EA4BA2D7, 9AD12E18A042C5B8EFB19297BC2E7BD1FEF75A138FEFB64C6BF0261FD3E53AB1 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
00:11:18.0758 0x10e8  bcmfn2 - ok
00:11:18.0805 0x10e8  [ C3B27514035315E3C1FCE64E69E253ED, 03AF100927077AD608C5EA47A17081CEA849F44C471AF978F410B83E2ABA5AE7 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
00:11:18.0852 0x10e8  BDESVC - ok
00:11:18.0867 0x10e8  [ ED03D2ACE378C9EB8BB957ABBD85B951, E9AE3025DC4956B736651B20AEA665909C2B468F9AE3E317F545DD4EEEA7D9E8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
00:11:18.0899 0x10e8  Beep - ok
00:11:18.0961 0x10e8  [ 1FDC6CB56572203E6F4BF4E3FB30B886, 81D5C77C823DC078EEEB2DABEE5203D542C824E04FEDD96AA58F96037C065155 ] BFE             C:\WINDOWS\System32\bfe.dll
00:11:19.0008 0x10e8  BFE - ok
00:11:19.0070 0x10e8  [ 5C0D4DBACB90D9ECE77907F4F6CF9EF6, FC29F03FB7E58A9ED17A34BC2D8E39533070B8B23D1A110622C3A213BF48CD2D ] BITS            C:\WINDOWS\System32\qmgr.dll
00:11:19.0164 0x10e8  BITS - ok
00:11:19.0195 0x10e8  [ 2342B8619193B0D9FAC0D02C69DCE74A, 06A1512C9750ACD154DE8873DE6628355B7195759CE54FA96097EA6D56BE320E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
00:11:19.0227 0x10e8  bowser - ok
00:11:19.0274 0x10e8  [ DD459140CBD075DCFA898097327DB8EB, 8EB685107F06566BC7516F6921547844F1E05A6CD3F0EE80E449638302F46F97 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
00:11:19.0352 0x10e8  BrokerInfrastructure - ok
00:11:19.0367 0x10e8  [ 9C7F445B018AB4744B6E0C657B5D1833, 83D04F5E3D4BA46BBD8A67764A60F5731F86B0BE3A85C2858E002ABCC362F592 ] Browser         C:\WINDOWS\System32\browser.dll
00:11:19.0399 0x10e8  Browser - ok
00:11:19.0430 0x10e8  [ AF57F0B0E284BE06860A7B701341324D, F94E44C777FDC049158B7BF73DAFCDB103D08493AC898D1C928771650F664412 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
00:11:19.0445 0x10e8  BthAvrcpTg - ok
00:11:19.0477 0x10e8  [ 729CC10B1658178F0F009FE0E9159281, B0F692CAB2BE47415C8A8CCCE8D53CDDF2B70518536ACF91CF96D74ADD04AF9C ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
00:11:19.0508 0x10e8  BthHFEnum - ok
00:11:19.0539 0x10e8  [ 336A9C0254A0178ED50281B6EDF5B836, C9C454C6EC4FF5897B1873A7E90D1CE8122E43783E978A570CEA75E15F65DE97 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
00:11:19.0555 0x10e8  bthhfhid - ok
00:11:19.0586 0x10e8  [ D8428BEF4033C7BFCD981074E2318F89, 9C0692F8387BAD94CCA4E36B59701A7A7B8FDCB5377B4C2CA75424583835E112 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
00:11:19.0633 0x10e8  BthHFSrv - ok
00:11:19.0649 0x10e8  [ 5428242193611BF91DDBF4F58900A55A, 91D59B0D0C7CA3DBBA8CA7CAD1E24845A224F451FC1880BE8CB7C1585AC79080 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
00:11:19.0664 0x10e8  BTHMODEM - ok
00:11:19.0711 0x10e8  [ 6927D295017E9F1A5D655A8F3A122672, 4B686C93056924580390440B49C721BD9039D5C972994D8EA96CA848B786B693 ] bthserv         C:\WINDOWS\system32\bthserv.dll
00:11:19.0742 0x10e8  bthserv - ok
00:11:19.0758 0x10e8  [ 102CAA11BA89290D48FBFD2E04274BA0, 9C6786AD6C8BE5AF7538BAD553C401B0D7443E533CDE59E975CF3E07EF262F0C ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
00:11:19.0789 0x10e8  buttonconverter - ok
00:11:19.0805 0x10e8  [ 029434AC0A3935F9125ABBD08BF7C30B, 742338B882488CA83F502ACEBFEDC2783B8D9D6C391FE1088988276315A065F6 ] CAD             C:\WINDOWS\System32\drivers\CAD.sys
00:11:19.0820 0x10e8  CAD - ok
00:11:19.0852 0x10e8  [ 307AE8BC9B45772DA02FB952A1D86C35, 4983AC71C8E164D9E6669D345925B4FBEDD0A0A4566887E7ECC56C996B66DBD4 ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
00:11:19.0883 0x10e8  CapImg - ok
00:11:19.0899 0x10e8  [ B6E5AD7C83A5254DEE9D86023C0E5A81, 40F297406A025378A6273535475C1FF8C99BC6502B17C0E161131DA754D7974B ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
00:11:19.0914 0x10e8  cdfs - ok
00:11:19.0977 0x10e8  [ A0E5905465CBCCB63FE915F5B08752A8, 435B39A8B1684FFE9F2720A2CD11AF5A5F55E701709939756322C2CD6A22E0FA ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
00:11:20.0055 0x10e8  CDPSvc - ok
00:11:20.0117 0x10e8  [ 618DA70D0D90DF3602259C1B121794DD, D2AF7967DE38F3B7C10824A1C900A145F45C57C0F179753A85989406600C4279 ] CDPUserSvc      C:\WINDOWS\System32\CDPUserSvc.dll
00:11:20.0180 0x10e8  CDPUserSvc - ok
00:11:20.0227 0x10e8  [ ABE77AD954BC3D72F559CF0C381E50BC, D0F24B023D7CADD4893AAF223A9BAC00B2C58D552E0C314B506C01767FB74133 ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
00:11:20.0242 0x10e8  cdrom - ok
00:11:20.0289 0x10e8  [ 0EC94DA356D89CACD89B6E139E4D0A7D, 2F887681FDD5AB787154403E34623B1DFB61C70DAE5E2BFF1565E100F228870B ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
00:11:20.0321 0x10e8  CertPropSvc - ok
00:11:20.0352 0x10e8  [ 05EA22CFC40EDE05BF6E3BC782E5204C, F0C9C692FC31387E9D19426D3253317B6BA86D7118E3884C11E3287695006443 ] cht4iscsi       C:\WINDOWS\system32\drivers\cht4sx64.sys
00:11:20.0383 0x10e8  cht4iscsi - ok
00:11:20.0461 0x10e8  [ 863E1C9F6750446DFB9EDCAEC3531367, 88C5EE76FD85640EB1440DEFC7B6CB918E18DC09507BA91FAE285370B8C7D56A ] cht4vbd         C:\WINDOWS\System32\drivers\cht4vx64.sys
00:11:20.0539 0x10e8  cht4vbd - ok
00:11:20.0571 0x10e8  [ 3E416539352B007AD0610BF34AC15D31, E2041129770B24AE95C5EC4B507477C72DFE8CB08D412E2621BF67207F9DEB8C ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
00:11:20.0586 0x10e8  circlass - ok
00:11:20.0602 0x10e8  [ 616E1ED94FA7F96D429D985FDB203D2E, EA681C442AA0F7D424C8DABD8D1C14653E61BDE740C0BC4C6C308B5FB4FE67AA ] CldFlt          C:\WINDOWS\system32\drivers\cldflt.sys
00:11:20.0633 0x10e8  CldFlt - ok
00:11:20.0664 0x10e8  [ 96C01F97576D2542FCBD28E13C8CC6A1, 98E2501197B97399EB1F7C8AA96B5696931736E44400314E768A6C029B9E1C62 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
00:11:20.0696 0x10e8  CLFS - ok
00:11:20.0742 0x10e8  [ FA57DEAD00DF87AF861B5FAF253ED3B9, 81BD591549CC1F2312AE85A455B28D051FC7D3A54D6371A634DF09DF8A00F952 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
00:11:20.0789 0x10e8  ClipSVC - ok
00:11:20.0821 0x10e8  [ 5118CFC33BBB51C7E3ED441B7085AD26, 8D33864FF750926C4B95827FFAD24C558DE8A90FC5B2663084DEAB5ADBBFAFD2 ] clreg           C:\WINDOWS\System32\drivers\registry.sys
00:11:20.0852 0x10e8  clreg - ok
00:11:20.0867 0x10e8  [ 232F3A3AC3A2FB32C5C46503A6517073, 9E0232E095471E6C8825E870F5842838F1AE515E56410F6A5CC3D58A9A4AF33A ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
00:11:20.0883 0x10e8  CmBatt - ok
00:11:20.0923 0x10e8  [ 3413CE81E02C091F33C4C3DD3071630F, 4758A2BB2FD453E9867C04CC420D12B279BB97E3C4E664A7058EA5F1EC63D04C ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
00:11:20.0970 0x10e8  CNG - ok
00:11:20.0985 0x10e8  [ E1BFF774FF67CA951A5DFF0E104FB132, 68809C4B72C54CEDE3AD33F5634E15A0225A67B391F9012EC7CEBA8AFC6EC3D5 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
00:11:21.0001 0x10e8  cnghwassist - ok
00:11:21.0063 0x10e8  [ DFDAEDB857BC18764F0D8ECDCC3C1499, AE12E908BAF53C605A17A9FB1AFD6BFBEC75EBE45D893541281473C197C71FED ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
00:11:21.0079 0x10e8  CompositeBus - ok
00:11:21.0079 0x10e8  COMSysApp - ok
00:11:21.0095 0x10e8  [ 04532711732BE9DBC364E88E4A9EC18A, FCEB1F486E146A3FE7307397C1EB6760BFD8A327545F81C546F7134B08615B9E ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
00:11:21.0110 0x10e8  condrv - ok
00:11:21.0157 0x10e8  [ 605D4C2E374197FEA0D0BC9C41E5945A, 0E655CEBB86DECC76153776AA4B78B7B7457ABA899B3437F76A7BE09F08752BB ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
00:11:21.0204 0x10e8  CoreMessagingRegistrar - ok
00:11:21.0280 0x10e8  [ A28D6FA203CE094BDE7ED8CEC6079E42, 5DCA8BA21F5FD0D9F00620E7592949ABCF3BA202CF7AF3D84F93DF7C13E2D4C9 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
00:11:21.0327 0x10e8  cphs - ok
00:11:21.0343 0x10e8  [ 1F7F1A15B807BC7B241BB2FEEA79BC92, D756E2247757C274F3470B46FCDBB63317C05E8E66FDA9DB7ABF3A6820933D4C ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
00:11:21.0374 0x10e8  CryptSvc - ok
00:11:21.0390 0x10e8  [ F51953EC4B9AACD92A3B3CE66E05CEF4, D39C9696213F53F89209000F245AC178B342A84E46EE766B634BB8DB86A26BB8 ] dam             C:\WINDOWS\system32\drivers\dam.sys
00:11:21.0405 0x10e8  dam - ok
00:11:21.0452 0x10e8  [ 0E79A4C76CAAA0CFE9CA42C13E5AA086, C4D90EDA54216CC7897128D39517E4E18195BF28254796C6D0684E2C7DB90642 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
00:11:21.0530 0x10e8  DcomLaunch - ok
00:11:21.0577 0x10e8  [ 1175E107082287A58A756239F48E1A73, 0DB2017061D94FAC95CEBD7C4729E42018A92698D72CEE3EA412A9D14DB8D552 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
00:11:21.0640 0x10e8  defragsvc - ok
00:11:21.0671 0x10e8  [ BBCAC50027D030E07EC7E5C36469FAFF, FEF39659F21D2AE676E4882FBAF5A881C534BB7EA26E5EFF9F7B5F8B952D6532 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
00:11:21.0718 0x10e8  DeviceAssociationService - ok
00:11:21.0749 0x10e8  [ A2BACEBAC01BE7A6656B454E75C23262, C2C168718A341D48679AC4CA8005BD06E9F1F0D1F7C72D3C30A7A8CE1F665A43 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
00:11:21.0796 0x10e8  DeviceInstall - ok
00:11:21.0843 0x10e8  [ 5B84093D490A6B060C8BE60BA52C876F, D34A854418A66529B18313A50E6D7EAB982611AD9AB0335245AE764FE0602C22 ] DevicesFlowUserSvc C:\WINDOWS\System32\DevicesFlowBroker.dll
00:11:21.0890 0x10e8  DevicesFlowUserSvc - ok
00:11:21.0921 0x10e8  [ F08F70BBD833BAA3BF0D5E500CBEE6CC, 8BB99E6D96CB8B25036549030986EC267C26BF1FC66E4EB00A3E41FE3BB5DE70 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
00:11:21.0952 0x10e8  DevQueryBroker - ok
00:11:21.0983 0x10e8  [ 185A4519B7764F4DEF714D890A7A9FD2, 9805D9DB42D11582583EA3F0FFEE9EF2B0C536DA99A9A3D3863B2669B1CC34A7 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
00:11:22.0015 0x10e8  Dfsc - ok
00:11:22.0046 0x10e8  [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
00:11:22.0061 0x10e8  dg_ssudbus - ok
00:11:22.0093 0x10e8  [ BC5188B3F35BB8070888441A2A740465, 05C18A3DC1BD96C6751E76DBF57C47E526A1F9DF5E013B20B69EA0159CD6CE56 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
00:11:22.0140 0x10e8  Dhcp - ok
00:11:22.0186 0x10e8  [ 5DF493C7954890EEC65CC2A21D479F76, 67087AAAC2AF93F265077AA392444E32DC299918A843A8AECFBE73636A5F2314 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
00:11:22.0233 0x10e8  diagnosticshub.standardcollector.service - ok
00:11:22.0343 0x10e8  [ 3835D0DD7A932266CC0746FDC5EC5568, 9F0933698C94FB51960818D20DAF2EE7530EA77DCA6E30603EEE85B60D807891 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
00:11:22.0483 0x10e8  DiagTrack - ok
00:11:22.0499 0x10e8  [ 1203EA16F36C5BEB2509FB7CC03DC178, 195209CB711E5BDE24A50C88AA62F32E8AE26F6A83B423374FCA41444F55D1CE ] Disk            C:\WINDOWS\system32\drivers\disk.sys
00:11:22.0515 0x10e8  Disk - ok
00:11:22.0546 0x10e8  [ 626E3564A7588139DE2367E14F8CAAB2, 472530B6DD70F4A5E61A8572B0479A6DF3BE8B4DD1E021BF00D05B3553927463 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
00:11:22.0624 0x10e8  DmEnrollmentSvc - ok
00:11:22.0640 0x10e8  [ 038B8B76284BC291EC75B005BB3EB13F, FE7BD7CF833C4A96ABF4FD6EBAB829CC4D8096780A22A313035D7E49BBA12D36 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
00:11:22.0671 0x10e8  dmvsc - ok
00:11:22.0702 0x10e8  [ 32C76DFE2586EBECFFA4112E9196591C, 190C294F50B96B13D0B776F7C19DCB47EAACBEE999CBA50236CF8C856CF38B17 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
00:11:22.0733 0x10e8  dmwappushservice - ok
00:11:22.0765 0x10e8  [ FC3AA34608A69BDAC67E31FB70C8A720, 38815F527DF963B4A7D93895776DDD618BD29782B1FA74EB1A7319AE58739A06 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
00:11:22.0796 0x10e8  Dnscache - ok
00:11:22.0811 0x10e8  [ F08CB37830A1F9950E8B2F7B1F78CC7E, E4E75645893597F6A02B98DC4F126A664F5DEF7B1CD4C2DEE5CA8ED18DB64C9C ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
00:11:22.0843 0x10e8  dot3svc - ok
00:11:22.0874 0x10e8  [ 3425E26D0A7792F2EE7745C0336C2062, 54A3AFFC31C2641BCE1877F2CBA61D2CD7191BA39FD5B3659491E4E307570C1E ] DPS             C:\WINDOWS\system32\dps.dll
00:11:22.0905 0x10e8  DPS - ok
00:11:22.0936 0x10e8  [ 3D934A1C02EB6979CF45C70A71F580EC, 279B325E18ABF82FF523095D8D5958A3A48C7B7A4F64BD562DDED1D0662B608A ] drmkaud         C:\WINDOWS\system32\DRIVERS\drmkaud.sys
00:11:22.0968 0x10e8  drmkaud - ok
00:11:22.0999 0x10e8  [ 5E92CB292D676634058E6C62653C9227, CE35C51B444664641306B4C2E21978B3418B58B2A973B19B908D86FE723FB4C4 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
00:11:23.0046 0x10e8  DsmSvc - ok
00:11:23.0062 0x10e8  [ E479C2656A3A47F5D4FAD10AE6EAED52, B17D18D5440CF131EEADA385989A8ED0DB7728CAAC4E745720947DD1BC4F9EF6 ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
00:11:23.0093 0x10e8  DsSvc - ok
00:11:23.0124 0x10e8  [ 682D7DF9704217DD8716307F9E2EEC05, A8D36414A7316C59995CF9689DD84B2FD3FECE47E39F515C81BC3C439890E993 ] DusmSvc         C:\WINDOWS\System32\dusmsvc.dll
00:11:23.0171 0x10e8  DusmSvc - ok
00:11:23.0280 0x10e8  [ F5DFB6D800946ADE35C71BE9928098A9, 7B187EC9CCA233C16C9F98F9CFFB1A85A42FC79C652B26C8FED40890F11871F3 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
00:11:23.0390 0x10e8  DXGKrnl - ok
00:11:23.0421 0x10e8  [ ECA1628436628362856ACF239E6AFD29, 19051DC348918B863E0A272CF56891B8CB49E7E705B8BAC7663D36C797A7B962 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
00:11:23.0468 0x10e8  EapHost - ok
00:11:23.0623 0x10e8  [ D64CD3AE93125EDA383190C2AF607E70, 3D180B96C6A2318842FA03AE5F703320A93CF1F440FF7D0E6F6F9BAD98F2FA02 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
00:11:23.0795 0x10e8  ebdrv - ok
00:11:23.0827 0x10e8  [ EABFCDA6E996F8A32DC1B302F7683BB2, 5FF2BA89D9A7BDE78C40866F15EC576527699ADD0F120E1A8388C4404A69F0E8 ] EFS             C:\WINDOWS\System32\lsass.exe
00:11:23.0842 0x10e8  EFS - ok
00:11:23.0873 0x10e8  [ FFBB37982E6D24AEC7A2E5459098EAC9, E89DD74540088ECAC9E802D7A059C0A6E3E5412BD42E5E9F26258724458EF8DB ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
00:11:23.0889 0x10e8  EhStorClass - ok
00:11:23.0905 0x10e8  [ ABF38D02E01D6ED87AE1DF65FC5DF62D, 57D48609DA30F60016D2ADEB9A772942FB39A117247EB63FAE3FCF50D726B698 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
00:11:23.0920 0x10e8  EhStorTcgDrv - ok
00:11:23.0952 0x10e8  [ 5E4AB60D50F368A09275F4055D621EDC, C840F5DF3C0813EC6CB9BA0C3C91F2C6410227A6255DEF5FA94C8AC1E43E36A0 ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
00:11:23.0983 0x10e8  embeddedmode - ok
00:11:24.0014 0x10e8  [ CA966CED8970A60FB00A3592564EF093, 4BD904032445235EE69DAA0024E0FB3D8B2325D897A683E334754EB3CA90AB39 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
00:11:24.0061 0x10e8  EntAppSvc - ok
00:11:24.0123 0x10e8  [ AD2D0DD976F59A93B95B2268CC956E7C, B613254237B68A55BBDA38FA79923E39F4D687A2299E99F1990A8322A1F014D6 ] epp             C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys
00:11:24.0186 0x10e8  epp - ok
00:11:24.0202 0x10e8  [ B9A59B4AD516E38C39FA416398B96CCB, 4630A9AD414476B47F634F2EB5659597797222A8938B68847B97FECCE1A1B5F8 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
00:11:24.0248 0x10e8  ErrDev - ok
00:11:24.0295 0x10e8  [ 028DE72382B615EED1E67C674645F605, 1CD04531216BFC05238F7E324E3A3772014DC578230941EED0CC959612CD290F ] ETD             C:\WINDOWS\system32\DRIVERS\ETD.sys
00:11:24.0311 0x10e8  ETD - ok
00:11:24.0342 0x10e8  [ FDEBB26E388550F77282B85BE3A14B0A, 22E25E8172921265DFE5FB6EA96737CDB50D5A6FE79ACAA99B76EB80E998AC70 ] ETDService      C:\Program Files\Elantech\ETDService.exe
00:11:24.0358 0x10e8  ETDService - ok
00:11:24.0389 0x10e8  [ 40C3A0FFB78F345D5A0178B2899F9767, 781CAE54432DD8C0EFA9DE86D86E328849DD84A1813C8C745551080C617FD035 ] ETDSMBus        C:\WINDOWS\System32\drivers\ETDSMBus.sys
00:11:24.0405 0x10e8  ETDSMBus - ok
00:11:24.0452 0x10e8  [ 1541374239F33512D7F4D24ED1E9238C, 8B1548D4052A72175EB6ADA9FD4286ACD5041E1CE071DCAC3760BB227FCD3621 ] EventSystem     C:\WINDOWS\system32\es.dll
00:11:24.0483 0x10e8  EventSystem - ok
00:11:24.0530 0x10e8  [ 9C4D88E8614487AD85A6F18A71A7298F, EE6F48C89D6379C7361484EAE7C7FAAA477D48032BFDD0D363E48642E62EADF4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
00:11:24.0566 0x10e8  exfat - ok
00:11:24.0586 0x10e8  [ C61014A176ECAAF97589E6FC979CE786, FB913AC647B68DB9854367BB1E53A504A85833966211279C8D7171698F743B27 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
00:11:24.0617 0x10e8  fastfat - ok
00:11:24.0664 0x10e8  [ ECC5AEFEA31F1A078E954305B8CA6373, 15948D017E3B52D3B4BBEC047F963BD77247E24A59F0532B6A023B0C4159FC84 ] Fax             C:\WINDOWS\system32\fxssvc.exe
00:11:24.0711 0x10e8  Fax - ok
00:11:24.0742 0x10e8  [ 853081957BA148F38FD8DE4390CFCF4A, 37C92C7ABA55A5FF7094F77F8EBEEE1F4BEE161CEC6B01A50FC0D0C39E36C142 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
00:11:24.0758 0x10e8  fdc - ok
00:11:24.0789 0x10e8  [ 885C06C35CC8FAEDDE3CDA36B72CA2A9, FF6584E7AF2FB540B2183665C3E216BE98DE953CEA6A7E4C5F13514BE4AAC9D3 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
00:11:24.0852 0x10e8  fdPHost - ok
00:11:24.0867 0x10e8  [ 367E878C79D9F391E3D53B6BBC1B6386, 739D89F6954E17B73F53702CFF8EE985FB241255D962A83BAF1A20E783CAF466 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
00:11:24.0914 0x10e8  FDResPub - ok
00:11:24.0946 0x10e8  [ 514F6A0B83527DD6ACCC8B21A57B10E3, EA3D401E42D05BA39E5874513DFB895A086BECE4D69FC1AC12F85F326A435A4B ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
00:11:24.0992 0x10e8  fhsvc - ok
00:11:25.0024 0x10e8  [ 27E764D6460504B7271AFECE7A59FB76, A32B08142068BF042B3E47C0CA7F4FCFD07A37807B1B8DAAE614F3A132475D52 ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
00:11:25.0055 0x10e8  FileCrypt - ok
00:11:25.0071 0x10e8  [ 3D6087F51110F3CC0DA89385354F8C5E, 49FF976C3391A257BCD4B048BF6D1273F8537005E32D65E5F272AF3294639F05 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
00:11:25.0102 0x10e8  FileInfo - ok
00:11:25.0133 0x10e8  [ 057E95E53C38260C4EF49B3A077770CD, 7008E71663046FF1D91D9DC3570094561C812067E1CA07715A1D2E4F787207AE ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
00:11:25.0149 0x10e8  Filetrace - ok
00:11:25.0164 0x10e8  [ 90B2983D8495C26345A1DC5F0C3BB07B, 50D834D40C27EEF5023556A77B13D3335789333E302A73DF221CD86D156FDEE9 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
00:11:25.0180 0x10e8  flpydisk - ok
00:11:25.0211 0x10e8  [ A84261F75F490E45CFEDBA77EFE4F67E, 292BA04D8996140255E4B6105015C2A640890BEFB6C022E30E0D9CBF45D5F4DB ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
00:11:25.0242 0x10e8  FltMgr - ok
00:11:25.0336 0x10e8  [ 4255A21E89EFEDD8488E3ED81A9F7993, CA918E83A204A38C022A8EF28ACBF4575CEA39EED04FC739C5AD9BC464FF1753 ] FontCache       C:\WINDOWS\system32\FntCache.dll
00:11:25.0461 0x10e8  FontCache - ok
00:11:25.0539 0x10e8  [ B282011D13BBEEA0273DF33C5E776D55, B4AF068BBB09D0F546F5590FCDD745250CFD58DD3A8ABF5DC26670FA32D181FB ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:11:25.0571 0x10e8  FontCache3.0.0.0 - ok
00:11:25.0618 0x10e8  [ 8E0A89C8BC29F4B066B1DA4B96A63609, 1F4ABEC209ECDCA20620C7D7DB0C407F8D1032D506259B11FEAF2A0C3E14B1A3 ] FrameServer     C:\WINDOWS\system32\FrameServer.dll
00:11:25.0664 0x10e8  FrameServer - ok
00:11:25.0696 0x10e8  [ D2814848206DFC18EB8D3D069FAE703E, A62263CDF9261B692423473F4FF23B01AC864C05850BA5591EB9019906B4A08B ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
00:11:25.0727 0x10e8  FsDepends - ok
00:11:25.0743 0x10e8  [ AE7EDF845F41ACA3B74567C3CE20E987, 6159C227C85912B03D8C35A1EF91705AE6C1C23C7228D6FCC0A9529844798E1B ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:11:25.0758 0x10e8  Fs_Rec - ok
00:11:25.0789 0x10e8  [ FF0699483185CE3B4E1144DF19AC5E97, 9BA0A2F04A1A51AFC3B830452AC75BE2D76300BAF1918BCF5AB60E4EB9888F0F ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
00:11:25.0836 0x10e8  fvevol - ok
00:11:25.0868 0x10e8  [ CE499AC35643557A7AFDE6850A26B3F2, EF6CA7B9C132ED8F7F41B00590EF56408FCF1A59B76AB16820FB18C92A3D0C50 ] FWNDIS_LWF      C:\WINDOWS\system32\DRIVERS\fwndislwf64.sys
00:11:25.0883 0x10e8  FWNDIS_LWF - ok
00:11:25.0924 0x10e8  [ 7C301CD533772C905764994AFF1BE9DD, DCFC30515168598C32E7DF97E61687D45F204EFAC774D340F252F7C9F22135FB ] fwwfp           C:\Program Files\Emsisoft Internet Security\fwwfp764.sys
00:11:25.0955 0x10e8  fwwfp - ok
00:11:26.0018 0x10e8  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
00:11:26.0049 0x10e8  GamesAppService - ok
00:11:26.0096 0x10e8  [ 4616F61E24B3AEA6E0E4EA7D69531EF4, 34CB16F68E4A4D19346C7FEC29BB5FE09BAAEC19EA730C9B93450F940D124D49 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
00:11:26.0127 0x10e8  gencounter - ok
00:11:26.0159 0x10e8  [ 23174BB6937459B924BB8EF667FB28EF, 6675B87F4DE9CCA96B6BAB9F77C4E0B377828613D9FFB03F7D443AF11321F157 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
00:11:26.0190 0x10e8  genericusbfn - ok
00:11:26.0221 0x10e8  [ 4B11CFBE1D9B73A9D865F6AB26F800BA, BD76CB5AF0EE6DD404875A4C36622C6BC8CCF2975C47E28DD305EB041C6C0B91 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
00:11:26.0237 0x10e8  GPIOClx0101 - ok
00:11:26.0299 0x10e8  [ CF22C0941409C772AA1568DC4F89A111, ED5895F024E64B672EB3FAE6C456FA0D30A068CF2B475A7EE988DEA4DCD6D8DE ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
00:11:26.0377 0x10e8  gpsvc - ok
00:11:26.0409 0x10e8  [ 3FC3FCF557D0BE3D724EA10642E1F6FF, 744D0DDE748A1B681087668CB893F9A60A2BBE80A71098944E75B6A9AA934C82 ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
00:11:26.0440 0x10e8  GpuEnergyDrv - ok
00:11:26.0487 0x10e8  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:11:26.0518 0x10e8  gupdate - ok
00:11:26.0534 0x10e8  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:11:26.0549 0x10e8  gupdatem - ok
00:11:26.0549 0x10e8  [ DD1A6F4998E7E21564FA9BAFE21C87ED, CAD04E9B8244ACA3314C6FD4422BE7A3B578AF1E61F13773A2C5DB388B3337F6 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
00:11:26.0580 0x10e8  HDAudBus - ok
00:11:26.0596 0x10e8  [ 9F90819E301C70A3A042FC05D3E41B5F, D2175786775D08686264001ABAA4B61DC08A847666F6B9A2A64D10BFC022F646 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
00:11:26.0612 0x10e8  HidBatt - ok
00:11:26.0627 0x10e8  [ 3CA3244C45B25F3B3ED9445C195E40EB, 9C43B31DAB473D29069D0D6BC130660424FE2414BA519107641FA1561C10C76D ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
00:11:26.0659 0x10e8  HidBth - ok
00:11:26.0674 0x10e8  [ 55DAF856F9633DD2519BA4E942870F02, 5283548CB93EB46C5FD3B08E45C97BBFB33D47F11F89560508775889FBF2F754 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
00:11:26.0690 0x10e8  hidi2c - ok
00:11:26.0721 0x10e8  [ E34216A190D9BF8EAA666F6903BCD0EF, DA8529DAF903B447CC5FF2D112F670696549A4B66F54DF9A8C8C615D969CD477 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
00:11:26.0737 0x10e8  hidinterrupt - ok
00:11:26.0737 0x10e8  [ 852DBB5185996AD8C73872A43A453729, 8C20331AE99E280799407CC5FCF88F8F645C331604230876A2CD7C253B9BD633 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
00:11:26.0768 0x10e8  HidIr - ok
00:11:26.0799 0x10e8  [ 6339CC87F0F610D1575C9A419940602A, B2A054ED0B669FA54E250EC2926955B1D944FA1FB2AF5B590C181CB2E9D297BA ] hidserv         C:\WINDOWS\system32\hidserv.dll
00:11:26.0815 0x10e8  hidserv - ok
00:11:26.0846 0x10e8  [ 7222DC0F811BBD1B4B4A7C28B7C31AE5, B161D32B2EDD4BB110C80918A36B05D7990CE76567BE59FD1C3C07D53C3AFE03 ] HIDSwitch       C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys
00:11:26.0862 0x10e8  HIDSwitch - ok
00:11:26.0877 0x10e8  [ C1A608120DE0DF52E51B8BAF86AF19F9, F3529822E78CFCA2E323A75926A833529889E40BB9602B287CC343C496CB2062 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
00:11:26.0909 0x10e8  HidUsb - ok
00:11:26.0940 0x10e8  [ BD1CF47172B97707DFC66ADA741AE2BE, 9607AB7074FC54D88FDF6E2A31506BCF8ECBF8FD651BB5CEA2421471C24BCED1 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
00:11:26.0987 0x10e8  HomeGroupListener - ok
00:11:27.0018 0x10e8  [ A004895B838003BAE2281DAF193B6A09, 587FCDCEF769B2AED12551B6426477B764CB8A025E692D4EC8B24E1CBA1C06E3 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
00:11:27.0049 0x10e8  HomeGroupProvider - ok
00:11:27.0080 0x10e8  [ 8ADD9CA3E0F18CEA11EA6FAED794A228, B46BA885ED8253A253B1C87C331CA145F7F397AF49853038B3F1EDAF81B2C4BA ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
00:11:27.0096 0x10e8  HpSAMD - ok
00:11:27.0143 0x10e8  [ 2413454E305678EA9A486E8DE2E67849, 5E821E909F99BAB782D89A0CDBFAE5474FEA211EB4F626A824D10D733F3FDC67 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
00:11:27.0190 0x10e8  HTTP - ok
00:11:27.0237 0x10e8  [ D3C45F1B5BB3EE772CDA416A4A3EEB9B, 97CD988CF307EBCC34F37F130F4F2C989DD17E70B2498DB1929B566A3387887B ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
00:11:27.0268 0x10e8  HvHost - ok
00:11:27.0346 0x10e8  [ F60F8390B635156593F7493AE898AFB0, AC5E58CDA12072C5FDBFEA0FA009CE2E251D143FC0878B2658ECCCF797B8B0EC ] hvservice       C:\WINDOWS\system32\drivers\hvservice.sys
00:11:27.0377 0x10e8  hvservice - ok
00:11:27.0377 0x10e8  [ 563F5FC3B46A70A91AB6C8822AC8BF25, 43E647A7752D7444BF306E38571130AB778AA2A6892782C6C1112E47FBEFBC87 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
00:11:27.0393 0x10e8  hwpolicy - ok
00:11:27.0424 0x10e8  [ C082249BC3E972C8A132D9EC6AD9EAD5, D69EEFD97CF5E0BD64D11DE1C331D02A9BE522BB93A40FF32ED434D960B85D39 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
00:11:27.0440 0x10e8  hyperkbd - ok
00:11:27.0455 0x10e8  [ C6C8315E3262FAE460529C6DA2951682, 4ADBFA6601209BF6F5A9797721CBE2011905775CF4E266D7B42F89915D477E95 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
00:11:27.0487 0x10e8  i8042prt - ok
00:11:27.0502 0x10e8  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
00:11:27.0518 0x10e8  iagpio - ok
00:11:27.0534 0x10e8  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
00:11:27.0565 0x10e8  iai2c - ok
00:11:27.0580 0x10e8  [ 42962355A7911407026E920E7252E3E5, 4A4016A53ED61354C81C594968339E6F3CCCFF4A64F8F28AD008ED8137E05AD2 ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
00:11:27.0612 0x10e8  iaLPSS2i_GPIO2 - ok
00:11:27.0627 0x10e8  [ BD47B2FEABFA48C6224D43EE9EA9BC06, 304628CA458AA7B1B8B1CFF12074AD75C1CE7BD41820B99607D7FA99A817D007 ] iaLPSS2i_GPIO2_BXT_P C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
00:11:27.0643 0x10e8  iaLPSS2i_GPIO2_BXT_P - ok
00:11:27.0659 0x10e8  [ 2184CB3A65888F446FCD6DBA9F073F4C, 0B3D63EC7F61BFAD490C123084965A9F38DBFE587AC9DAE6F4E6B68AD8093DB2 ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
00:11:27.0690 0x10e8  iaLPSS2i_I2C - ok
00:11:27.0705 0x10e8  [ 4126F8DA08CE7924A3AE6F7235F85D5F, 668DC1D09496A95F44C07C5C1F6ED7D3EFC6F89523B2744A86B460E5BECAEFB5 ] iaLPSS2i_I2C_BXT_P C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
00:11:27.0737 0x10e8  iaLPSS2i_I2C_BXT_P - ok
00:11:27.0752 0x10e8  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
00:11:27.0768 0x10e8  iaLPSSi_GPIO - ok
00:11:27.0784 0x10e8  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
00:11:27.0799 0x10e8  iaLPSSi_I2C - ok
00:11:27.0846 0x10e8  [ 0A34D806EF2767E62CAFEA1A150A8830, 2C5C9C0924C6AE379E3CD071E6687885006843A17742B083CE14719F666F7FE6 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
00:11:27.0877 0x10e8  iaStorA - ok
00:11:27.0909 0x10e8  [ D820075D3395BED28FC57AEF8FBA666F, 7589CCCD355D2685C0E6D317AB39F0DB061153E6859A0F53834B001643CFDF57 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
00:11:27.0955 0x10e8  iaStorAV - ok
00:11:27.0987 0x10e8  [ A243E0CE8644378C9A9D015ABC3EDA27, 0C72F6D39DD64A16F54BCE185F4D8E670D386823F6364E9ED284F7F8DE11CBF5 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
00:11:28.0034 0x10e8  iaStorV - ok
00:11:28.0065 0x10e8  [ E16E4FC9F250E48CB2CAD93E59D010E2, EFF558EDD63DB0FD8BA240E94BD5999106233B95BF86BFB99EE9B897F41C542B ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
00:11:28.0096 0x10e8  ibbus - ok
00:11:28.0190 0x10e8  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
00:11:28.0221 0x10e8  ICCS - ok
00:11:28.0252 0x10e8  [ E3061D5ABA80394D29E26EA58AF7F69A, 9BCF1AD2CC9C7E48FD350F9D59797E17F355C840EDE428143764F93716159C20 ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
00:11:28.0299 0x10e8  icssvc - ok
00:11:28.0440 0x10e8  [ 9CE4D3A79D3180AC5A141E2F7E7137F4, 1D717D2156B78632895281779D2646AB066619EA1DB293A9505BF7C174F53271 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
00:11:28.0627 0x10e8  igfx - ok
00:11:28.0659 0x10e8  [ 6A9C613D0F5F9676D128F39B63ACE45B, 027B9568C740E336C7CBBE952309E2719E8FFA14E7DFC2B85B49E0C0CE7D2149 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
00:11:28.0690 0x10e8  igfxCUIService1.0.0.0 - ok
00:11:28.0737 0x10e8  [ E9E4BB312F6B544392F44D513FAA2243, 3E6917BCE9F1AF554D57FED9E76B33F36D92145B0090A5F8F64E2A53EB4C54A4 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
00:11:28.0815 0x10e8  IKEEXT - ok
00:11:28.0831 0x10e8  [ 0E33BC018502E7FDE77C343055D9C626, CD1C60E8EDAA044E03E5776962E091C1288204033A57A799D446F9B058D6AD59 ] IndirectKmd     C:\WINDOWS\System32\drivers\IndirectKmd.sys
00:11:28.0862 0x10e8  IndirectKmd - ok
00:11:28.0893 0x10e8  [ 41CD73C13FCAEA4942F0CF7608B7530F, 835BF370E6624975E3CB7106D4835488D6F527C545E7B0ECD26A161D36CABABB ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
00:11:28.0909 0x10e8  intaud_WaveExtensible - ok
00:11:29.0081 0x10e8  [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
00:11:29.0299 0x10e8  IntcAzAudAddService - ok
00:11:29.0346 0x10e8  [ 87871AB7AC797F922A6F3D4C874CED96, 2BCD89911E42827CD294DD7D1486A7845D1F98019E51958E0F488384401B2944 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
00:11:29.0377 0x10e8  IntcDAud - ok
00:11:29.0471 0x10e8  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
00:11:29.0502 0x10e8  Intel(R) Capability Licensing Service Interface - ok
00:11:29.0565 0x10e8  [ 9656F8E29F6C3161A3E99BCD3A472FF9, 30AD00B53CCB2E4121508729F3471D3C0568F1C32324C398382C97E8BC43ECF0 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
00:11:29.0581 0x10e8  Intel(R) ME Service - ok
00:11:29.0612 0x10e8  [ 4B7F8A1AAC7172DB6918A0E10E1D78A3, 1E9922AF9B5458F23A379EDCD61B615B6E53BAF8927237C1C7DCC04122CCF417 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
00:11:29.0627 0x10e8  intelide - ok
00:11:29.0643 0x10e8  [ 0A3DBE89C965FFB7C0D0E38834E77B90, 0166BE79228ED6B3D7AA1BACB4F1BB68357DBF70DF778B2F8A3776E374EE690C ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
00:11:29.0659 0x10e8  intelpep - ok
00:11:29.0690 0x10e8  [ 64EC687A811DC4F69DF3816F073352AA, F70942B67448DF9848F32F88D37E1E0C548CE9FEFC4376628D7CBEF62494D8E1 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
00:11:29.0721 0x10e8  intelppm - ok
00:11:29.0737 0x10e8  [ 549C278119FF539C3B219C55B98B0E87, B4C15AB0C77EAB6C5ADEBD014F610BBFC537EAEB0E3960636624001C8A5DE56E ] iorate          C:\WINDOWS\system32\drivers\iorate.sys
00:11:29.0752 0x10e8  iorate - ok
00:11:29.0784 0x10e8  [ A0F9F2E87F0C751FE164D90EB44A9B63, BE816F17E43E5F80AC65E913AB7F9E77B8D6B70B90A784CB00C907D3DAFFD4DB ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:11:29.0799 0x10e8  IpFilterDriver - ok
00:11:29.0877 0x10e8  [ 57A93FCF94FAB8C2161335E56C81CD16, 4A642E4FF70DA209074B78EC50B76A024DB5D01B8C9FCC405A64AF0F1A7EA389 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
00:11:29.0959 0x10e8  iphlpsvc - ok
00:11:29.0975 0x10e8  [ 656DDB34996A96539BA6E2843B5F2A77, EDC3F1A2BA38A9655361A20B6C8001984AEB1A530C5385CF6EC0AF595305DBC7 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
00:11:29.0991 0x10e8  IPMIDRV - ok
00:11:30.0006 0x10e8  [ DCC05E5EAA580C97F13B434FAFACED85, 5C6CFD3D9FAEB7274E05F3D19D3AA064624500C616650DE227B849B505662BB4 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
00:11:30.0037 0x10e8  IPNAT - ok
00:11:30.0069 0x10e8  [ 9A6B993A95CCA15502DE3C980508DC44, 370A1A4531A72CFBF331ED274913925A269115A13E3A6B5E1821FB48DD7242AE ] IpxlatCfgSvc    C:\WINDOWS\System32\IpxlatCfg.dll
00:11:30.0100 0x10e8  IpxlatCfgSvc - ok
00:11:30.0116 0x10e8  [ 9035C10C7EB8CF7C87CEA82A62EBB43A, A0DA94E80E503DB3C2877CE1BCDC70B3FCC6861ADFBCCE66C6D2592BD63F27DC ] irda            C:\WINDOWS\system32\drivers\irda.sys
00:11:30.0131 0x10e8  irda - ok
00:11:30.0162 0x10e8  [ E7FD479E3298F3C8852A0D2F092BDB35, 07F2E779268EBBF4F32ED1C8423493B36BA823905E71B524C6AEBA0093193307 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
00:11:30.0194 0x10e8  IRENUM - ok
00:11:30.0209 0x10e8  [ 65B145143F6E5E1B5A213F0D9F4C4C44, 0E390BD8D7B4B9562E8FEE0D109DCE0D9EA823FD2D20B39FFACE3331F30FE5BC ] irmon           C:\WINDOWS\System32\irmon.dll
00:11:30.0225 0x10e8  irmon - ok
00:11:30.0241 0x10e8  [ 7FE3B3A30FA20F27AF7022A01C2266BA, 8AB924F08ABF1DCB154B6A3BDB7E3E5A863008B5AFF8E3DB9759848774E00E8A ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
00:11:30.0272 0x10e8  isapnp - ok
00:11:30.0303 0x10e8  [ D492648D96A14BA639B76D177B24CD82, D65D2494BAC8A317FD70293E59D039078D1D19FAE20A4EB2665246CAACFF0C6F ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
00:11:30.0319 0x10e8  iScsiPrt - ok
00:11:30.0350 0x10e8  [ 48B904D31F2369D7B0122617038D3F5B, 8A43CB37667929CCCC37B6E79E82509BBCA6C8884B44059DC87BCA7C21BE7FE1 ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
00:11:30.0366 0x10e8  iwdbus - ok
00:11:30.0381 0x10e8  [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
00:11:30.0397 0x10e8  jhi_service - ok
00:11:30.0428 0x10e8  [ D36B404BF979297C6572AEF98B2594F2, CB2F4E6589936D35D59CA70B39A29D091540EA125BE4B937AF92CEA0C6D0AAEB ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
00:11:30.0444 0x10e8  kbdclass - ok
00:11:30.0444 0x10e8  [ 7E2036A846789D6D6A2EE21915017EE1, 82AF85CA30B440E453F7694C7EDABB5D2DB213AD2FE8620B92667DFB492229A1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
00:11:30.0475 0x10e8  kbdhid - ok
00:11:30.0506 0x10e8  [ A8080BEBCDB7A16495CE1205921DCAC5, D4B0EF97B75BF75934A0BEEE48CACD20E8F505600C3A07243DF7627680EE8552 ] kbfiltr         C:\WINDOWS\System32\drivers\kbfiltr.sys
00:11:30.0593 0x10e8  kbfiltr - ok
00:11:30.0609 0x10e8  [ 4C054B8E901F41F5743DADE8A29FF256, 1009CC2503E08AFEA849BA83135C2D75C573FC4D6EFB5DBCDCC7ACB17AF83152 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
00:11:30.0656 0x10e8  kdnic - ok
00:11:30.0671 0x10e8  [ EABFCDA6E996F8A32DC1B302F7683BB2, 5FF2BA89D9A7BDE78C40866F15EC576527699ADD0F120E1A8388C4404A69F0E8 ] KeyIso          C:\WINDOWS\system32\lsass.exe
00:11:30.0703 0x10e8  KeyIso - ok
00:11:30.0718 0x10e8  [ BA7A5838866618A4E82FBC05B8923605, 96E898C7768BED66487A00E02B2E50516602BCF54E6648F5528E3334AE8527EB ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
00:11:30.0734 0x10e8  KSecDD - ok
00:11:30.0765 0x10e8  [ 6629CAA1F157088B9EDD1EAD24C6D753, 3E5F3BCB34F4B52BE46B96F9F720FE5FB37A01D4E408875F6BB89F5B5C5A3900 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
00:11:30.0781 0x10e8  KSecPkg - ok
00:11:30.0796 0x10e8  [ 9778205F28DC4F2EFFCC146647FE5CF0, 6B7EFFB08C7757A2830745920A624F89DBD5B323E0A884932FECF06471894F9D ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
00:11:30.0828 0x10e8  ksthunk - ok
00:11:30.0859 0x10e8  [ 08F9C3F7FE3019BF53B1405B1820528F, E90940533F88A33C396E1DF9D186E945F030315FB2201E479F144E27387333CA ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
00:11:30.0906 0x10e8  KtmRm - ok
00:11:30.0937 0x10e8  [ 0DD3C5101AE1AA7E28B4CE5AB190C261, FAFFE2102972798210ED5E766F54C5EED6262354E132E1C24539DAA598895608 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
00:11:30.0968 0x10e8  LanmanServer - ok
00:11:31.0000 0x10e8  [ B82D6C634638534E41748FCEC909E55D, C286EB7B3E780549F77E75B4B9F053861D82EFDCD43B1308848A08D23EFADDCA ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
00:11:31.0047 0x10e8  LanmanWorkstation - ok
00:11:31.0078 0x10e8  [ AF1077E89AD4458EC9B1CABB35595346, 762AE3218B7B05032C4199F0AE9ABCC822C3DF88BBB09536202B6B26A7944024 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
00:11:31.0109 0x10e8  lfsvc - ok
00:11:31.0125 0x10e8  [ C0CB3B9F1F92C36B91309FDACCDF918B, 5D40C11388A48323D9D9AC18A950B09E2654092BC2F9DE45779A9354668BA18E ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
00:11:31.0156 0x10e8  LicenseManager - ok
00:11:31.0156 0x10e8  [ FC37745959DFA4871759E4DCC836227A, 8B63F798440FD0A34E2F2940B2598238BC852EF3EFD22147A77AB4BA6FB9E704 ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
00:11:31.0203 0x10e8  lltdio - ok
00:11:31.0234 0x10e8  [ 1797F544956D46966C67A2F7879403A9, D7820D2F8E936FF13D709BA1BD0541AABA8402F38698FE96DAE70B4E7A730835 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
00:11:31.0281 0x10e8  lltdsvc - ok
00:11:31.0297 0x10e8  [ AE561CB0813D4DFA7D3E4471B2B70F5F, 344EA5E02D04098F032353962C1B70B0F578BCCD2843C70D6330B3F967D2FDB5 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
00:11:31.0328 0x10e8  lmhosts - ok
00:11:31.0359 0x10e8  [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:11:31.0375 0x10e8  LMS - ok
00:11:31.0422 0x10e8  [ 16C9D4D822CCA795A72DC88B25A577CC, AEF93AA4E815F90C1A42D574C6DE7EF31FE69AD7B78B8E1AC7C27304F3CD7959 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
00:11:31.0437 0x10e8  LSI_SAS - ok
00:11:31.0468 0x10e8  [ 920F0CFCED5F28A31B79F1C470649D11, 5A5F390F2FD7C26807E7896E9F8F94EE7E69FE3C4B247BEA515588EB076148EF ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
00:11:31.0484 0x10e8  LSI_SAS2i - ok
00:11:31.0515 0x10e8  [ 0FE63316F1C70A0F759A449FAC64C24B, CF99D62FDA862095BA1EB57DD58CEC070E0552E15B6F454B87D593707132636B ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
00:11:31.0531 0x10e8  LSI_SAS3i - ok
00:11:31.0567 0x10e8  [ 80E82C46B27A923A3744531069B63857, C73A200FC2A009D19F2C26FAC07489EA0F4329CD7A1D80EB3200B19DFC883F8D ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
00:11:31.0584 0x10e8  LSI_SSS - ok
00:11:31.0634 0x10e8  [ A69A59CD52D26443FF728FD52283598C, E416481B23CDADBB9E608E49C9DC9A520D14935E92CA9B63E7763692DB382D7D ] LSM             C:\WINDOWS\System32\lsm.dll
00:11:31.0681 0x10e8  LSM - ok
00:11:31.0712 0x10e8  [ 88F5570C04766EE561FF129B2F93030C, A36F7FF563F813EC0F69E5BFB76C58A1C9824F54BA1729C4096E8B7B7C8D90EC ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
00:11:31.0743 0x10e8  luafv - ok
00:11:31.0775 0x10e8  [ D365217A6D4528ABB41B40C8FBD227E8, 340129785A5788A8FFE0E1B339A616D290F7504F3658F63E1A3B169B38460FBF ] MapsBroker      C:\WINDOWS\System32\moshost.dll
00:11:31.0790 0x10e8  MapsBroker - ok
00:11:31.0837 0x10e8  [ C3EED732789052C98A2613A7E1C37CDA, D71735C8FB772EEB7F3F304CD79D8D774A9A285A94365DE0E635F61357EC9F0F ] mausbhost       C:\WINDOWS\System32\drivers\mausbhost.sys
00:11:31.0868 0x10e8  mausbhost - ok
00:11:31.0884 0x10e8  [ 4DCE65116A28488593FF5A6A18B03DB0, AAFA7E7C1C9A38B8CF5CE530F96028191F52B1FDD2790246E413B63CF7C5F02A ] mausbip         C:\WINDOWS\System32\drivers\mausbip.sys
00:11:31.0900 0x10e8  mausbip - ok
00:11:32.0087 0x10e8  [ 28E521A6ABA9DE062A3719452816F495, B312A37DA052229DFB19353170CD5828582F8AC6426E857CA7C8ACA0DD91C160 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
00:11:32.0290 0x10e8  MBAMService - ok
00:11:32.0322 0x10e8  [ 53283EB9998AC9350E14C35A880989DB, 11DD963C67DB7584742810C54BEC4871584413A1BAA8209F79AC923006DE45BB ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
00:11:32.0337 0x10e8  MBAMSwissArmy - ok
00:11:32.0369 0x10e8  [ 0609BF877A2F4DEECC62EEE220AB6242, 393268836EB055669997BD05866487497AFC396C9516DA4C4F143679B1DDCA6E ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
00:11:32.0384 0x10e8  megasas - ok
00:11:32.0400 0x10e8  [ EEC64C8D498D121607C7615FDFBEE4D0, B605B9886C1A05C999B005AEA6D0677DF632E2F34F4FF03F09C2E6C05F554D50 ] megasas2i       C:\WINDOWS\system32\drivers\MegaSas2i.sys
00:11:32.0415 0x10e8  megasas2i - ok
00:11:32.0447 0x10e8  [ 2B7D3B206833D769218A1F4BE2D73B97, 25901A5E931DC3659993448E59ABC3601B7B0ED9AFEF0F5ECC139D0D0442F73B ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
00:11:32.0478 0x10e8  megasr - ok
00:11:32.0509 0x10e8  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
00:11:32.0509 0x10e8  MEIx64 - ok
00:11:32.0548 0x10e8  [ 4F708DA590EDBCC124FB79066D44759B, B8DA803299AF5FDE1594CF958EA6B99D4B99E8163438A70A692CA33A96DBF8DE ] MessagingService C:\WINDOWS\System32\MessagingService.dll
00:11:32.0560 0x10e8  MessagingService - ok
00:11:32.0638 0x10e8  [ 89257B8D3826B5629CF7F73F97DA44F9, F056D67EC82072BA209FF7942862862FDF562F8C038F3128861C387F8F63B494 ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
00:11:32.0685 0x10e8  mlx4_bus - ok
00:11:32.0701 0x10e8  [ 9AE3C0CC0865B1618A3C97744A6A9E9B, BF72AEF0360AC278B36ED31E5BFC2E8F72136B0952490A105CB6929654C97F6C ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
00:11:32.0732 0x10e8  MMCSS - ok
00:11:32.0748 0x10e8  [ 0CD29540C32C2E2E0E3D7E9832752AF3, E64C3F5323C59D53409E33E88989FDD2A38B5B602336FC1D8C3702CA9B5EBFC7 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
00:11:32.0763 0x10e8  Modem - ok
00:11:32.0779 0x10e8  [ 534477FCAFDFCA6B841BFA06BD26BCC5, 96404FDF0BA2127A3BD24319637EC0C8BE8C42618D9FEDF66F41C5F72840D427 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
00:11:32.0810 0x10e8  monitor - ok
00:11:32.0826 0x10e8  [ F5D4E18A70BA069D479154442CDEB60D, 96345E88BC6A50415E112A4B4CFDF3F4306EA049741C5B0A2BFFC142F15EB5CB ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
00:11:32.0842 0x10e8  mouclass - ok
00:11:32.0857 0x10e8  [ 5C09868963B0C076AC3BC7759A46B7B1, 64CD200A8D90CDC31317009636A3BB6574ABF04BCAC903F93C47823C40CC03F6 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
00:11:32.0888 0x10e8  mouhid - ok
00:11:32.0920 0x10e8  [ 8BF7039787036529B98E50AE86A0E46B, 69C04D012D026A14E2D2A138EDA79227F9BE4BE1892D517DCDB797F2A5AEDB14 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
00:11:32.0935 0x10e8  mountmgr - ok
00:11:32.0982 0x10e8  [ 86C9215967686BB8A6AEE8008D914BF8, 907A156AADC880F06EB7BBBC0C57EC14A205CEE43A2AD509F6BD4040CA4F327D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:11:33.0013 0x10e8  MozillaMaintenance - ok
00:11:33.0029 0x10e8  [ AD118EC95E9EF4D5223D681D8F183567, 395B76626956F5B7992676B9CA57B2CA075F0CDA881E14B3ED07ABE2DC0EEDBC ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
00:11:33.0060 0x10e8  mpsdrv - ok
00:11:33.0107 0x10e8  [ FA53A01517BBA97EA3B71CF5CC2052F4, C6F7CBDFAD629B2D4B6ED6A471708E8DBEB5CD5E0A992848359D3C0A82FDFCBE ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
00:11:33.0170 0x10e8  MpsSvc - ok
00:11:33.0201 0x10e8  [ D14C297933C82B8CB0B5CBBA4DDC830B, 2EF356F5373F16A7AE2421187FC5C150C09452C835229275B7403181D65C210F ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
00:11:33.0232 0x10e8  MRxDAV - ok
00:11:33.0263 0x10e8  [ F2AD1B72C5A6475FB5FF332E1980DF88, 41E24496FBD61C0A333F567DA7C4E38C5A792724FB56448189099F60114749D5 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:11:33.0295 0x10e8  mrxsmb - ok
00:11:33.0310 0x10e8  [ 469DD958B1D8CB09E38BE2298B8C398D, 97CCEFF58D8865B0D27C4E16B082C20FA5279CF01A37F47B5F2DA39B334F0667 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
00:11:33.0342 0x10e8  mrxsmb10 - ok
00:11:33.0357 0x10e8  [ 1FC4802B593494746B6FE3BDAC25E371, 774CC950B46B3E32603D368D9938BFCF60D2BB3C14C3FE8B03CB1E724AAC29EF ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
00:11:33.0373 0x10e8  mrxsmb20 - ok
00:11:33.0404 0x10e8  [ BD12E1941A87671A767447B02C6A51A1, 7FCB3077E827639CE23CC2C6FE997A33F7A702D266C0277AF01453B5ACC0966D ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
00:11:33.0435 0x10e8  MsBridge - ok
00:11:33.0451 0x10e8  [ 41C5D9B52F4A1B30C3F7219D601CF12C, E1C1B1CED19D32FA1B765C7C380B9E749893B2018CF358F448E40DA60CB63166 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
00:11:33.0482 0x10e8  MSDTC - ok
00:11:33.0498 0x10e8  [ 92C00BD9616F353CA59A755C33269757, E67F05A4A1C44137CCAC0C7292A7010B5920172ACAE32638600E231F28F33035 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
00:11:33.0529 0x10e8  Msfs - ok
00:11:33.0545 0x10e8  [ F27EC8F7A0A779276E5DA2E70C2B01EE, A450DB309F84CAFFCE2A720612BDB260D88E9C390D2BC60874D73A55D8567E04 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
00:11:33.0560 0x10e8  msgpiowin32 - ok
00:11:33.0592 0x10e8  [ CBA955A54C9446CAAD28C76789D3B071, F6CA1BECA35B13B7CCC9FFB325FACF22713F6B81E8A6540C9967A462E425BBEC ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
00:11:33.0607 0x10e8  mshidkmdf - ok
00:11:33.0623 0x10e8  [ E8E568EF60677E4534F387C53EE1B35F, 2E250EE1A9AE8AFDCA5216BED87328B05713386BD7E61C66A74EF021F2AFE7D7 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
00:11:33.0638 0x10e8  mshidumdf - ok
00:11:33.0654 0x10e8  [ 16376B7B0730C04DD1A2C0CC8E09E420, 2F39D3254FD272E277B5496A8C93A7CBFBF80F6004AE0343BE9F09C538975910 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
00:11:33.0670 0x10e8  msisadrv - ok
00:11:33.0701 0x10e8  [ 75FE54E84C1EB0C9C5E09F9FD5928ECC, 971CFEE8FB8364D17CD392E32A32AE57BE6461EAB6C580B52E6D752D4CFDD6B3 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
00:11:33.0732 0x10e8  MSiSCSI - ok
00:11:33.0732 0x10e8  msiserver - ok
00:11:33.0748 0x10e8  [ B26E1C10C8323D2B6ADAF504CD487757, 758DBCDA43D62547ED274D2E09A66B266470C86A89A3BEF387E535DB37A7EA44 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
00:11:33.0779 0x10e8  MSKSSRV - ok
00:11:33.0795 0x10e8  [ E40B960078A15D4901265D32E071C42D, AC11B8221C8F529FE3CA6FEB99AF699664C86008A732C3A8E6B1CE31C2272454 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
00:11:33.0826 0x10e8  MsLldp - ok
00:11:33.0857 0x10e8  [ B4860AB91DC4E73936F0FF504D6B4B07, 7371093D9EB62218D20F6B8B3C88CBF01932AEA2923ED119962A78BE46E5A939 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
00:11:33.0888 0x10e8  MSPCLOCK - ok
00:11:33.0904 0x10e8  [ 8EDC45C3F7F64A51C98B59E24648F74B, 445731F32A37A99FAB3CD5D178A84FB4F835727826211FF18623409D29FF3A1A ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
00:11:33.0935 0x10e8  MSPQM - ok
00:11:33.0967 0x10e8  [ 7DA5FAC2A49D30CA5B7B96B8B26281AC, 168C3AA5C7318184D8F67EA832920FCE64E11D4CC418517D7BDACB9632F0BEA8 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
00:11:33.0982 0x10e8  MsRPC - ok
00:11:34.0013 0x10e8  [ 7E3365C8BC83DCE88D6226BB5C7170C4, 69D741039CAAFCA93A4CC09CEC14F117527D732A6CF3077AA83E935B03EC3F9C ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
00:11:34.0029 0x10e8  mssmbios - ok
00:11:34.0045 0x10e8  [ 09D51564E49181E9928910D6B91C920E, FB3C918820ACF4506AC49478709B4D4C6489BA0B5113E666C34B916CA5CD6DE7 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
00:11:34.0076 0x10e8  MSTEE - ok
00:11:34.0092 0x10e8  [ 793AE56A3946EAD5F906C28D294FEFE6, BB563D088084026606C2FBD30A0850BA18363CC173CC6C77272D727CA6C1F9BD ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
00:11:34.0107 0x10e8  MTConfig - ok
00:11:34.0138 0x10e8  [ E35F51C7474A26680627477462715206, 435490915CDD416D666B64C6B4526285EC946E6918CFA85585692B9ED43518B6 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
00:11:34.0154 0x10e8  Mup - ok
00:11:34.0185 0x10e8  [ 74BD1149BF50F1E24934042A3BD17C90, DC4626DC4D629CA7DF336EC7E6435F27D2E252D81945E57F4BF2C981DBCD9B45 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
00:11:34.0248 0x10e8  mvumis - ok
00:11:34.0295 0x10e8  [ 39C772E20B8C61858F969E4D60699D89, 32146D265CD315597C48FB233D77DDACB0FEDDB7E800A0F411A67844BB3ACC67 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
00:11:34.0357 0x10e8  NativeWifiP - ok
00:11:34.0435 0x10e8  [ BC80F85C129F12A5F64D6741A120B539, AD410F13BCBDE54F98E353BD4DAF30CC5A0A9990FC4F1AB3623EF3175EEBCAF7 ] NaturalAuthentication C:\WINDOWS\System32\NaturalAuth.dll
00:11:34.0498 0x10e8  NaturalAuthentication - ok
00:11:34.0513 0x10e8  [ F2EA6F3165E154C24C084AC35DD6C3F8, 4F8CB75770945F5A28CC308917A124109F7462CE933695B9CAA3FE2CAE76C445 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
00:11:34.0560 0x10e8  NcaSvc - ok
00:11:34.0592 0x10e8  [ 9B3C6582CFB91BA2A04B1D06D8E2FB98, 431E6B075FD24002724E8A2ED9FB3221AD66D1F1D021B56466187D97E5B43A1F ] NcbService      C:\WINDOWS\System32\ncbservice.dll
00:11:34.0623 0x10e8  NcbService - ok
00:11:34.0638 0x10e8  [ 932E2E43078A3D786A46A5428F21B314, 17F1CC3388D80F1E1850063114C1EB72EEA149D9C8FA3501C0F9EB55C9E0C58D ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
00:11:34.0685 0x10e8  NcdAutoSetup - ok
00:11:34.0701 0x10e8  [ 0FFE8AF1B94C5FD54E6ACC6DAE990D31, B67D3CA3460D4700D8B83EFE4B6A7AA940650E84D985484FBAA1EE80F3632133 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
00:11:34.0717 0x10e8  ndfltr - ok
00:11:34.0764 0x10e8  [ E27876B335FEB441DA511030AA85624D, 6B4FA08463166A2B32F317E6FEDE3C22EB8FFA5B2077955A0B2F2184858BDDE7 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
00:11:34.0826 0x10e8  NDIS - ok
00:11:34.0857 0x10e8  [ 4EA73CFDEE4A628D387D95464A131F29, 38A6E2389FA9B20A7AFDF3CFCD13B66489B92D853EE486BF81019F0A36A142E1 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
00:11:34.0889 0x10e8  NdisCap - ok
00:11:34.0904 0x10e8  [ EB127689AF6F24091AB73538A556257F, BC25067D355084D6893E9262750433044C28893BB27A67BF7AF5008742C6D359 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
00:11:34.0935 0x10e8  NdisImPlatform - ok
00:11:34.0967 0x10e8  [ 73B4C72FB6170A08C64BDA92DE93ECF7, 766BBE659232F0F5EAEE577EE88091FB76175BC52D65B9637126069C97E795D4 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:11:34.0998 0x10e8  NdisTapi - ok
00:11:35.0014 0x10e8  [ 6704F27EB15A5B30AA7FA5A4F4D1FD47, 841F99B3C751F4D4E23C0E7B5C275B4871C1D5EF937A93129DF64DF49F6B6736 ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
00:11:35.0045 0x10e8  Ndisuio - ok
00:11:35.0076 0x10e8  [ FE87CCAA89433FC306A80F15E848F4B2, 3269FDF53DA59057E066D582FCBB96B71C8063B8F488856A9DEA414B4797E43A ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
00:11:35.0092 0x10e8  NdisVirtualBus - ok
00:11:35.0107 0x10e8  [ 94517BC9F29A1B73D377F1BF1C3DCA34, 45A34D7AAA851C643E80C0F61CBF8544B8A2E8E7DAB2D5AB6F3A34FDEE4AB0B3 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
00:11:35.0154 0x10e8  NdisWan - ok
00:11:35.0170 0x10e8  [ 94517BC9F29A1B73D377F1BF1C3DCA34, 45A34D7AAA851C643E80C0F61CBF8544B8A2E8E7DAB2D5AB6F3A34FDEE4AB0B3 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:11:35.0201 0x10e8  ndiswanlegacy - ok
00:11:35.0217 0x10e8  [ AC6AC99075732F5C29DB0004DD5B1AC6, 684EC821EF5C60DA540CA36EC192B09E62440AAD5B13F0F4C23DDC4A9B96F28C ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
00:11:35.0264 0x10e8  ndproxy - ok
00:11:35.0295 0x10e8  [ 9AC090451D92E6081EB89CDA83D74189, D4D442412F112853AA8D88DFB5F695AE4E8E2C361905992537EE53BE675FECE8 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
00:11:35.0342 0x10e8  Ndu - ok
00:11:35.0357 0x10e8  [ A115DDB2C7805C41EEC9A5276FF5764E, FC81D0BE2DAAC6E7161C0FC5C90050022A39AD50E28040D5357C0E1FD6C0B6B5 ] NetAdapterCx    C:\WINDOWS\system32\drivers\NetAdapterCx.sys
00:11:35.0389 0x10e8  NetAdapterCx - ok
00:11:35.0404 0x10e8  [ F420B6CAB5151A38E4DBBFFB500C11DA, 271F495B261461B8EA847BFDD87C155E6DC1B6236C161B8253A1F023706B1B1D ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
00:11:35.0420 0x10e8  NetBIOS - ok
00:11:35.0435 0x10e8  [ 30C2F67EC84EB11B22011620107E0325, 98088685F457566FD8D13B83A0BF6B06CDC70AC156B67BF87A8A8446C150C1F3 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
00:11:35.0482 0x10e8  NetBT - ok
00:11:35.0498 0x10e8  [ EABFCDA6E996F8A32DC1B302F7683BB2, 5FF2BA89D9A7BDE78C40866F15EC576527699ADD0F120E1A8388C4404A69F0E8 ] Netlogon        C:\WINDOWS\system32\lsass.exe
00:11:35.0514 0x10e8  Netlogon - ok
00:11:35.0545 0x10e8  [ D9FF8CA42C3541F4840693F17143C595, B05FB0B6439B34BD93EE59DC48BBE3D712A7428EFBFE37A887CE8546E57EE68F ] Netman          C:\WINDOWS\System32\netman.dll
00:11:35.0576 0x10e8  Netman - ok
00:11:35.0639 0x10e8  [ 96173660A4DD4A56E4B8938A67DAD9B7, F1D8F94625C6461DB89F8D3BDC73748F8A7F3446694BD1F148AF9BE6F17E9543 ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
00:11:35.0701 0x10e8  netprofm - ok
00:11:35.0842 0x10e8  [ A3F8BF8193D36C4C8CEF20AFF28411E9, E6C6321820AFB4D3ABF2DAF894EFE0E8FC308F5DE6F9FE2FFE56F89A319C8C0E ] netr28x         C:\WINDOWS\System32\drivers\netr28x.sys
00:11:35.0982 0x10e8  netr28x - ok
00:11:36.0014 0x10e8  [ 79C810D49E6D2825F51B0D7CAA6E2FAD, 19B7FB87FC8CE8FEA456F06D32099ED5B69FE38D2954580D4CEC32998D206E9F ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
00:11:36.0045 0x10e8  NetSetupSvc - ok
00:11:36.0092 0x10e8  [ 4D37150AB4D61598919AB70ACFD1369A, 9ABF73213988ED9AA72B2658F8B91967A24C7CC2049859D86CE9C51A4AB57A84 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:11:36.0185 0x10e8  NetTcpPortSharing - ok
00:11:36.0217 0x10e8  [ 8C03F2F5A9E93AEB08B3AEE51552394A, F95185FB8D5FDEAB39E593488BA6ABCFA9C081BFED05008E0CD95F29B894AFC8 ] netvsc          C:\WINDOWS\System32\drivers\netvsc.sys
00:11:36.0264 0x10e8  netvsc - ok
00:11:36.0310 0x10e8  [ 0C124EAC0EF7B3767280C94A8C03615B, D10216726A221C8FBC67C47F4B266C271A7C7A4438F77AC44BB561E0A6EB6D34 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
00:11:36.0342 0x10e8  NgcCtnrSvc - ok
00:11:36.0420 0x10e8  [ 9ECFD7DD594DBEAED3A2889045B2DCBD, 984B10A88E304B805153C49B3D618315926635A270AB34D2976E7AA5AE00E2F4

derya84 · 06.07.2017, 13:32

Code:

ATTFilter

] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
00:11:36.0498 0x10e8  NgcSvc - ok
00:11:36.0529 0x10e8  [ 50F98CD010326B58F09082BACF3123AE, 124446A2905E23BB3F5763E347842F3F511EC44C37C2F85E409F73EC8F53924E ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
00:11:36.0576 0x10e8  NlaSvc - ok
00:11:36.0607 0x10e8  [ 9573223E205907247AE6D948E3453770, 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B ] nmwcdnsux64     C:\WINDOWS\system32\drivers\nmwcdnsux64.sys
00:11:36.0654 0x10e8  nmwcdnsux64 - ok
00:11:36.0685 0x10e8  [ 6D8F6A9C53CFB0C49E8251A442B7283F, C3E913E4997C35A9B4C2E613A499F01D15264EAB699B93269B690B2A74A70E9A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
00:11:36.0701 0x10e8  Npfs - ok
00:11:36.0732 0x10e8  [ BABF7E1757D6908941C9F9CBD66A5EF0, 323E743CB26583763A9C5DE64E7E08138CB8D3E2DE0A8BCE9F774E1C7426E7F8 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
00:11:36.0764 0x10e8  npsvctrig - ok
00:11:36.0779 0x10e8  [ A85EB5721C7203AAAAAA04F551960CD9, E61ED728E154799346C749159BFE36FAEB2CE64FC5735F533B910017D66A7EE5 ] nsi             C:\WINDOWS\system32\nsisvc.dll
00:11:36.0795 0x10e8  nsi - ok
00:11:36.0810 0x10e8  [ 7A6BA778B48DF9FB7AC231D4FF6E3248, 5959CA59C75D2C4DD8A539CAA8D99EF6A0CB5AA3F0D485B14C8B35911748F1F7 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
00:11:36.0826 0x10e8  nsiproxy - ok
00:11:36.0951 0x10e8  [ 731FD52461C8107E5B19B9AEDBB82BFB, 51B6722B9B2863B4AE23CE6B1DBD8481DA341748196BD482C6C5F4A6959F24F9 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
00:11:37.0045 0x10e8  NTFS - ok
00:11:37.0076 0x10e8  [ 4FFB2D5655D10700D5B8E205C4DB86BD, 69078960669A373F9C2D47AF2ED841619831106B681EBAAEAAE5BD569A54CE6D ] Null            C:\WINDOWS\system32\drivers\Null.sys
00:11:37.0092 0x10e8  Null - ok
00:11:37.0107 0x10e8  [ 99EB6376EC2C03CE5F668577651E3454, A783FFBF89A9074E2074ACAF3F55862DF2F05CAFEAF6A2D509DDA665EB0D59CB ] nvdimmn         C:\WINDOWS\System32\drivers\nvdimmn.sys
00:11:37.0123 0x10e8  nvdimmn - ok
00:11:37.0139 0x10e8  [ 3DB2E9E207358BFBD09B77B5119ECA5B, 55FED85EFC06B7AB5031D9986E4E4D2FA8841C549081ABBA9F9D9BBAB7852B37 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
00:11:37.0170 0x10e8  nvraid - ok
00:11:37.0186 0x10e8  [ 4C04BFBD4DB2EECCC47F5FA39D65BB6E, 9312DC4F7000991946D92D87DD9D37D70E336629EDBA553BFC79804049E34B73 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
00:11:37.0217 0x10e8  nvstor - ok
00:11:37.0264 0x10e8  [ 0D611DC17E48B6F8DD466A089170D118, E55A78E2CC6A0A5F7B8F0B75DFB2297FBC3B959C4FDEFBEA1C6C4E7706724AEB ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
00:11:37.0311 0x10e8  OneSyncSvc - ok
00:11:37.0342 0x10e8  [ F5F10CE848CAF07A12A7B92290DBA38A, AC6AC13B692D07A6853B24A6396F1C3388586FD5D528F79FA3E373428D54D29A ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
00:11:37.0373 0x10e8  p2pimsvc - ok
00:11:37.0420 0x10e8  [ D1A9C22A98A10EB11A190B8FC7C07C6A, 1DE5F07E707DA9D833F105A8D948BBAEF0172DB2147D9A665EC7320F88D57B9E ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
00:11:37.0451 0x10e8  p2psvc - ok
00:11:37.0482 0x10e8  [ 2CC6C325B271C7CA60F374F8F868CB45, 569391CA5DF003ED33CAA89FD38834641023C24F7FAE2261F6DA8ABC5CC9C3C9 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
00:11:37.0498 0x10e8  Parport - ok
00:11:37.0547 0x10e8  [ 664B7DDEE982ADF5EAB480C75B9F6218, 1D1403CBD75916B83EEFA9B235E237583C40025C87C13676247F1EAD3F1D33EE ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
00:11:37.0577 0x10e8  partmgr - ok
00:11:37.0624 0x10e8  [ 72ABB842C15A6C3AC3D954308C6BF206, 8F2A69E3BE43BCD2C8A39153062216B5CCEC9FA62205EC8A23FAB209DFAE7062 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
00:11:37.0655 0x10e8  PcaSvc - ok
00:11:37.0671 0x10e8  [ C5B74C6D87E77BC64DEBD1BF57DEB375, AEBC86E404D4E3985D9FBAD9913AC52127DDE7C79062830717CDFEEA4CD7CC0B ] pci             C:\WINDOWS\system32\drivers\pci.sys
00:11:37.0702 0x10e8  pci - ok
00:11:37.0733 0x10e8  [ CFB85CB7A6F6926EA0EB96EDFB3C8A91, 7B3A58C165DF231BB202D8A2036272932439864F8EBDC62811E2BEFA8B36FC01 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
00:11:37.0749 0x10e8  pciide - ok
00:11:37.0784 0x10e8  [ 13B7D84B397A90E82682C47A15C3A98D, 7F897DA83209381A8C26B34416899E276256AB587DC4E2B60B185CAC8D1877F0 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
00:11:37.0789 0x10e8  pcmcia - ok
00:11:37.0820 0x10e8  [ 76EA512FD9D4673CF7A57775EE8922E2, 6D2B90616A46BC4F9BB6BACBD78EB33C23834987365C87617AFC2E147871C984 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
00:11:37.0836 0x10e8  pcw - ok
00:11:37.0852 0x10e8  [ 4A88D29869609A39782EF53145E6F7CA, 6200E0B96FD0289D7F95779723E3CABBDEE17EDE5F802CC51E5539F475711027 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
00:11:37.0867 0x10e8  pdc - ok
00:11:37.0930 0x10e8  [ 4F190BA3C9BD2F0277BCBF480F396091, F09613C76350706992B39D7EA9B859D28F00790E5AC17CA7D49C3E270B9D8994 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
00:11:38.0008 0x10e8  PEAUTH - ok
00:11:38.0039 0x10e8  [ FE52FF97A094609429FEF098EDC6FB08, 6762ED340048AF61B756CB7B576BE2057768FDB677623D01F2A592727C0E5A00 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
00:11:38.0070 0x10e8  percsas2i - ok
00:11:38.0086 0x10e8  [ FCA143274792F12383C35902E801E83A, 87D93226E32153794993035553C9935D07242631E182460D8ED13650175C0F01 ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
00:11:38.0102 0x10e8  percsas3i - ok
00:11:38.0180 0x10e8  [ 4DAD2C73778D41F951B33854936E7BDC, 1421FDA2D083D5923422A038C54603BF798C48DDB7244DBEDA46D537B8CE1534 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
00:11:38.0227 0x10e8  PerfHost - ok
00:11:38.0289 0x10e8  [ B730E963A31B73938A76D7B80666D60D, FADF452637E2EB50CC8C0E75956FE01F029C587F6EF2F8B347213263DE9D3A80 ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
00:11:38.0367 0x10e8  PhoneSvc - ok
00:11:38.0383 0x10e8  [ 97D85602B8131C487EB08A36F7343F5E, BEDC106AF06358D40BB034390645A5BFF9C138CFD51B5997D32614741D3D2372 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
00:11:38.0430 0x10e8  PimIndexMaintenanceSvc - ok
00:11:38.0523 0x10e8  [ F9FB601621FF33376F3908C2C27C6EF4, 8689565D4FD1C68826EA0A9C2B44377A2AEC3CD812595F0D32904D8FA5809672 ] pla             C:\WINDOWS\system32\pla.dll
00:11:38.0617 0x10e8  pla - ok
00:11:38.0648 0x10e8  [ A2BACEBAC01BE7A6656B454E75C23262, C2C168718A341D48679AC4CA8005BD06E9F1F0D1F7C72D3C30A7A8CE1F665A43 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
00:11:38.0680 0x10e8  PlugPlay - ok
00:11:38.0711 0x10e8  [ 414CA4DCC31D795882B25ADC1DACE779, AFD8D9AA24C64DD9569FDCBE65171810FE27AF24B8DD2941FECE6245EABB6AAC ] pmem            C:\WINDOWS\System32\drivers\pmem.sys
00:11:38.0727 0x10e8  pmem - ok
00:11:38.0758 0x10e8  [ D54385DD5A39A5636D1587FC9ECFC337, DEEA5D433CB2DA55AE58C7C5431A1249C94B61606F0A75E4A44D516619060263 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
00:11:38.0789 0x10e8  PNRPAutoReg - ok
00:11:38.0820 0x10e8  [ F5F10CE848CAF07A12A7B92290DBA38A, AC6AC13B692D07A6853B24A6396F1C3388586FD5D528F79FA3E373428D54D29A ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
00:11:38.0852 0x10e8  PNRPsvc - ok
00:11:38.0899 0x10e8  [ 118E91AEE8F6DDAD088F955498CF2487, F4447C64CF1F36432E0FF09B6712DCE61BF28E3499F20C6C69E80D98B42D671E ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
00:11:38.0930 0x10e8  PolicyAgent - ok
00:11:38.0977 0x10e8  [ F6A0B848F75CF55E3980EA0FADCBA317, 11D8B12B4DE867B180965B0F2FD0F362265C518F76FE3351A2B7C9C2FFC5E137 ] Power           C:\WINDOWS\system32\umpo.dll
00:11:38.0992 0x10e8  Power - ok
00:11:39.0039 0x10e8  [ D292D7FADCEE481CC64A9DE8FE9C3347, BD870A375E33CD8434CA97FFE9C2F84E58C6CD0EAEEEE8922172CB01F9674B55 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
00:11:39.0070 0x10e8  PptpMiniport - ok
00:11:39.0242 0x10e8  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
00:11:39.0445 0x10e8  PrintNotify - ok
00:11:39.0477 0x10e8  [ D57CF871B3977731A91FE9611A54C7C1, B6C7F685716A88D0978377B83C5320C88EED0CAA44A001849AAFF71E4E0682E7 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
00:11:39.0524 0x10e8  Processor - ok
00:11:39.0555 0x10e8  [ 56A7713DE64B16FB309D132E88FDB098, A658C8DCA87442F33B726A9B2060B20393D83B8658D0894C046CAFEAB00E2D8A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
00:11:39.0602 0x10e8  ProfSvc - ok
00:11:39.0633 0x10e8  [ B60431D2A046AD97F8427F6E568370F5, CD488E343585A5AC19D9AAF88BF0BB7EEA1BC48F6DA4A4FBF9BE5A04ECF5040B ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
00:11:39.0649 0x10e8  Psched - ok
00:11:39.0680 0x10e8  [ E0DCCA2A78516D155A6485CCA99F0EA5, EAFD24F815ECD6373BEC8E75B24FB54694CB8E4FF430FB6886F9B5B1C1762BFC ] QWAVE           C:\WINDOWS\system32\qwave.dll
00:11:39.0727 0x10e8  QWAVE - ok
00:11:39.0742 0x10e8  [ A2B0F46FBA2521E7E732BDBDB1238515, 7F0FEFB09770BF5889D6C2219F68399C962A3F1071E70C4951B6FDAE196CF041 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
00:11:39.0774 0x10e8  QWAVEdrv - ok
00:11:39.0805 0x10e8  [ EA9EB06EFC325CD2ACF5DF2F26A4894E, 32AC7EDB42CDA736E2AD9AB67795735F16234D9BD80D56FDAE5B8B3C3C1CC26F ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:11:39.0836 0x10e8  RasAcd - ok
00:11:39.0852 0x10e8  [ 4E9379389D0A851DD19D130C8FAEFBD0, 279A25EF8949A5BAF311CA75493A5F89F74A02711EF875F67D0A95849B409C00 ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
00:11:39.0899 0x10e8  RasAgileVpn - ok
00:11:39.0914 0x10e8  [ 3E8CB44832FE3F96047187291523CDA1, 999A10D4D50CD2C39309FDC04A9F4CB0959BA061AE9305D4DF7F00F37F3813F9 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
00:11:39.0945 0x10e8  RasAuto - ok
00:11:39.0977 0x10e8  [ 5279EC98F6218D29EADDFECCC0D80E9A, 6F376FC3BEFA9F521635192177962AF1F41173502EC067896B7C2A5FB71E7A3B ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
00:11:40.0039 0x10e8  Rasl2tp - ok
00:11:40.0086 0x10e8  [ AC6A0AE3B33EE783717820458882F91C, EA503A90DBC31FB6B5D047D59E0F2855880EF3877877AD576579DB5CD8188E4A ] RasMan          C:\WINDOWS\System32\rasmans.dll
00:11:40.0164 0x10e8  RasMan - ok
00:11:40.0180 0x10e8  [ D7FF75ED7A48FD60A573C9E959CF4DB5, C67673E2D678527F8C07C9BCC487D385B92282D9D73396CFB01F14F5211CA991 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:11:40.0195 0x10e8  RasPppoe - ok
00:11:40.0211 0x10e8  [ 6A4E45A7F17FA0B4B1B48C550E311944, 1E84A559B7AA5F07E8156D223EFFB1B2B43D1E4E90E561D8DF2C257FFBCFDC0D ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
00:11:40.0258 0x10e8  RasSstp - ok
00:11:40.0305 0x10e8  [ F2C575A9657F7B2E027C6CE7BC8F1A2D, 5D002488CCEDCEBF0542F508FCE47DC9105C67D5685489970048437BD243AC0E ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:11:40.0336 0x10e8  rdbss - ok
00:11:40.0352 0x10e8  [ 9414B22E093243636D362BF8C8C12A67, 575CE91AFADD771CBF86377962EDFAF70150BBA575F8DF144FEE6CC1C0FF88E0 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
00:11:40.0383 0x10e8  rdpbus - ok
00:11:40.0399 0x10e8  [ 53A01D3FDB701AC5D9DDE4140227E3D9, 833AF0BAAB49B58C71C684D2AA20B900C27E19DDCE5E15355C7ABAAB33BC7673 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
00:11:40.0430 0x10e8  RDPDR - ok
00:11:40.0461 0x10e8  [ DF32ED51DC0C3F6F3B1C4CEF71B8B426, DBEAD271B5DE6439E3106BDDB8B1E47D7BA47AE203CF3E1F8924CE02FDCA6E0B ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
00:11:40.0477 0x10e8  RdpVideoMiniport - ok
00:11:40.0492 0x10e8  [ 2369A5B651308E0C3458143976E9B03B, 0EDE99F7E2A7668E90C2FCA11D4BCE0676FBEA2CCFB57A004827CE5FE96D1584 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
00:11:40.0524 0x10e8  rdyboost - ok
00:11:40.0586 0x10e8  [ 3581FB9529035F8EC6DB681664CA70B1, 0C7BCD6A3B4248683C52B69F0B373D5929C2375F9BBF6CA80C480A8E7446A30C ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
00:11:40.0664 0x10e8  ReFS - ok
00:11:40.0711 0x10e8  [ 79E1ADE19D8B7C56EF29D098EAF57AD0, 295D0F04359A00849759976710F6CB83DB96E5007946930EA19865620EA3EFE7 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
00:11:40.0758 0x10e8  ReFSv1 - ok
00:11:40.0820 0x10e8  [ D91C597DE82E1500525945E1FFF24B0F, 3F5837A743715FB2CCBFC9458FBE010AED170B46515925D4C7C59BBAC792F695 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
00:11:40.0867 0x10e8  RemoteAccess - ok
00:11:40.0899 0x10e8  [ 19D1072193DAF71C97E5A05FC7673BB3, 313C3762CCC490C20B5561A78E6002E7A52F0142B370F17849DD4AB2F0AF6513 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
00:11:40.0945 0x10e8  RemoteRegistry - ok
00:11:40.0992 0x10e8  [ A12D167F73C3E285AC623BCA62B3A8BC, 6E8213808C22C0688BD40721FBBBAA88BFEFA1BD304BC19AA015FC541CA5BF84 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
00:11:41.0039 0x10e8  RetailDemo - ok
00:11:41.0070 0x10e8  [ D31B2CD9458D2E212A5F24D56D2FB8D5, D8EC0BDB9D143C050A48217C57AA1BA6D60EEFEF67A98441064BD8FD339987DD ] RmSvc           C:\WINDOWS\System32\RMapi.dll
00:11:41.0102 0x10e8  RmSvc - ok
00:11:41.0133 0x10e8  [ C79F1F7C8A5FCBE90E3C833299AA1F59, 7969E79B2095BDA144AA369DE21F49C9FAD272B5864B2F0FD28CB28D148F2AD6 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
00:11:41.0164 0x10e8  RpcEptMapper - ok
00:11:41.0180 0x10e8  [ 1CE6928C1587F9760F7C3A036786CAE8, 3E4F5371E0DDDBA612BF61891D17D691DCAFB2E1010BBD84737FBD98DA8C03DE ] RpcLocator      C:\WINDOWS\system32\locator.exe
00:11:41.0211 0x10e8  RpcLocator - ok
00:11:41.0258 0x10e8  [ 0E79A4C76CAAA0CFE9CA42C13E5AA086, C4D90EDA54216CC7897128D39517E4E18195BF28254796C6D0684E2C7DB90642 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
00:11:41.0321 0x10e8  RpcSs - ok
00:11:41.0352 0x10e8  [ C167028F97C6DEC11A5F845707BB892F, B03F2861FFB92E1355F0C61B2A5291A2FAE593501D6DB5493F1490111B98A7DA ] RSBASTOR        C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys
00:11:41.0367 0x10e8  RSBASTOR - ok
00:11:41.0383 0x10e8  [ E87EECED9287C275B6CF30EB598B1D77, D0C5D4E37A3FAD422C0ECFFAB53904D9FD5385129DE2BC5AF75D91CD016EA6AC ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
00:11:41.0430 0x10e8  rspndr - ok
00:11:41.0477 0x10e8  [ DFE1602D6A08A0C27C48DD8C4EFB11CA, 18368C921075780ABAFCC489BB69C5CBCE788A8C29B5CEAFB23C8EAB42CD1129 ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
00:11:41.0508 0x10e8  rt640x64 - ok
00:11:41.0539 0x10e8  [ 6308366D3CDEA5F427CFF4BCF0081B4E, ABB91A41C09A1607C66BD380FD0A3EECAAF9AD534856CCC78DE1A4E450ADB07F ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
00:11:41.0555 0x10e8  s3cap - ok
00:11:41.0571 0x10e8  [ EABFCDA6E996F8A32DC1B302F7683BB2, 5FF2BA89D9A7BDE78C40866F15EC576527699ADD0F120E1A8388C4404A69F0E8 ] SamSs           C:\WINDOWS\system32\lsass.exe
00:11:41.0586 0x10e8  SamSs - ok
00:11:41.0617 0x10e8  [ 33B2DC5C2F19DA89F862484E23D9833D, 1C3BD1804767D087BE1510EEDCE94FFAC096922C821A123DB1BACDA5777246A7 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
00:11:41.0633 0x10e8  sbp2port - ok
00:11:41.0664 0x10e8  [ 6A7F961E0E6382F185809AEC6A97E078, 434E215337453C3973762A2F10806A57F3B296DDD34A948F781B67E374836AF5 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
00:11:41.0696 0x10e8  SCardSvr - ok
00:11:41.0711 0x10e8  [ 45B203A8CD642F72E86690B957B6490D, 29D5733D2A6FF9F051FD74FFDCCDB5272EC8E7734021F5BBF0E9E521E61B150F ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
00:11:41.0742 0x10e8  ScDeviceEnum - ok
00:11:41.0758 0x10e8  [ 5CFEEFCC6FAD1FD09ACCFBD652DDD85B, F90104CC42073ACD48A2FCCEDF58B57D8663223406ECB0A270140A053E9260B3 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
00:11:41.0789 0x10e8  scfilter - ok
00:11:41.0836 0x10e8  [ 5BBFA6CA63E8A5BB8FA2FA84A5562CE2, C74CD0A76473343A8620D26C96F7300026C295EDF61B8A336AB326DFE861678D ] Schedule        C:\WINDOWS\system32\schedsvc.dll
00:11:41.0914 0x10e8  Schedule - ok
00:11:41.0930 0x10e8  [ 5C8620FAC0E3C1658C8EF7AD7BB7EA5F, FEBE7FC79FCDF692167D82DE54031FD68BD2941544007EEB3D82C21E7F1C5C83 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
00:11:41.0946 0x10e8  scmbus - ok
00:11:41.0977 0x10e8  [ 0EC94DA356D89CACD89B6E139E4D0A7D, 2F887681FDD5AB787154403E34623B1DFB61C70DAE5E2BFF1565E100F228870B ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
00:11:42.0008 0x10e8  SCPolicySvc - ok
00:11:42.0039 0x10e8  [ 71A494A502F24465317E88E80F6C0C2C, D85F139982804B8419D7CCF01F35CCDDA580BA5276A6261D0662028080F7765B ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
00:11:42.0071 0x10e8  sdbus - ok
00:11:42.0086 0x10e8  [ 464B615872981015AC4FEEBDEA83A063, 5CF491352B267241CA11F08E72E6EA668A595662561892E0D02CCA5B71172E14 ] SDFRd           C:\WINDOWS\System32\drivers\SDFRd.sys
00:11:42.0102 0x10e8  SDFRd - ok
00:11:42.0133 0x10e8  [ 847F01FB8504425BB255856A14278A86, 41997D25D12779CA79551988C56FA0A302367076B09A82F620858EDDDBFCE3FF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
00:11:42.0164 0x10e8  SDRSVC - ok
00:11:42.0180 0x10e8  [ 6BC219F1D9CDE08CEB9084ADB41FBA01, DA8AC3B42A72515A1976961976203A52D4C8636586EB5EF6B466AAF967A6567E ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
00:11:42.0196 0x10e8  sdstor - ok
00:11:42.0227 0x10e8  [ 2AE8505519C7E8A903DD7BE793A79846, 7044B1BC183E028BCFB544489B033F0968F033696F9816F354329ABD26C6EE7E ] seclogon        C:\WINDOWS\system32\seclogon.dll
00:11:42.0258 0x10e8  seclogon - ok
00:11:42.0289 0x10e8  [ 112134D19C8F08228D4EC84C16342ED6, F99095458BDD74F1531C4FB7A283D7A3F07BEC33FA8423F26D647EB4C5AAFC2E ] SecurityHealthService C:\WINDOWS\system32\SecurityHealthService.exe
00:11:42.0321 0x10e8  SecurityHealthService - ok
00:11:42.0383 0x10e8  [ 77FB9BE8EDDCC999D09F2B1A7878A2A9, 589774C006A339FCA9772C37C9103C73C8592E018553804B97F34E2A0069A3F7 ] SEMgrSvc        C:\WINDOWS\system32\SEMgrSvc.dll
00:11:42.0477 0x10e8  SEMgrSvc - ok
00:11:42.0492 0x10e8  [ 25456AF499A0C9C4A93CFAC70BDE9CC2, 885C1A9C8BFA73D9C9C454759DF871237F7C0F28D879E98B4BE0D0113C549B09 ] SENS            C:\WINDOWS\System32\sens.dll
00:11:42.0524 0x10e8  SENS - ok
00:11:42.0586 0x10e8  [ 892C955E1081412942F64679E0DD7A5D, 6A28012270FA1FB3BB279102C67FA5296564630181C887E1EA6EA1F952A30C37 ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
00:11:42.0680 0x10e8  SensorDataService - ok
00:11:42.0727 0x10e8  [ 358008CBDE5603F3B56789C977661CE3, 2C81180B27B854F201A683D2C75677660CA54ADC685F86CD414537C60D51FB4A ] SensorService   C:\WINDOWS\system32\SensorService.dll
00:11:42.0789 0x10e8  SensorService - ok
00:11:42.0805 0x10e8  [ 9B3744C26F206F9F90713D93A93C8B6E, D194F668D8BDDDB4356136CACF1FAD46E7566939C624029EF6E28D7A192B8EBF ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
00:11:42.0852 0x10e8  SensrSvc - ok
00:11:42.0867 0x10e8  [ 585329F62195A4B7AAD0A95F6EC89751, E7ADED97ACA8E8E06C368E24702C22D4C2B0B9495DEA24A2DC2A30782099BDCE ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
00:11:42.0883 0x10e8  SerCx - ok
00:11:42.0914 0x10e8  [ C8F4FDA8B3D039D7947344614FF5BFB2, 1A3B88EC59F2A820AFE4F3AC65F7149EAC68672D1F0D729CBB575694005A8911 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
00:11:42.0930 0x10e8  SerCx2 - ok
00:11:42.0946 0x10e8  [ E5B450E4E0DC1591254BF9CCF6C57B40, 958E7378D9BDE1F2EBE736D8D9912D56835A606AABDD042443A35CA37EC70F11 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
00:11:42.0961 0x10e8  Serenum - ok
00:11:42.0977 0x10e8  [ 628D8DD136F92316BFEB58FA005338B7, 0CDA673D31F40EBD07E9F67667DB6077F23DCADE2DD8376AB550575224625D44 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
00:11:43.0008 0x10e8  Serial - ok
00:11:43.0027 0x10e8  [ E5BA0B7353ADC5C95AB466D2E4DC89B1, 98F2A22ED892B2610C85EAAAB51DF25939599955A27611FCE9E68C3701CFD4EA ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
00:11:43.0045 0x10e8  sermouse - ok
00:11:43.0092 0x10e8  [ 043D7B39E693C610036BD56DF30EF440, 329D29CE1CB5F502B7DFCBE24878CA61EC56787A1B02195E19499701B194DE08 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
00:11:43.0123 0x10e8  SessionEnv - ok
00:11:43.0154 0x10e8  [ 15CFCC4692DA8887B977CE5FC5181084, 31D86E122E35AB9E7275F2B0573EE98770BBE517ED3B9CCED97F4969C9A619F9 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
00:11:43.0170 0x10e8  sfloppy - ok
00:11:43.0217 0x10e8  [ 87B083252816171A17F833CBCB7AA85E, 200AB93CEF384791DC9B04D2AF17877CA10595B2CEDF4B9505E367A2382C4AB7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
00:11:43.0280 0x10e8  SharedAccess - ok
00:11:43.0342 0x10e8  [ 4293E11951DEAAFB3924AB1DAB1FAC08, 644974816DDF690B26F369E48533D654A5B298BCA993EE53EACB5C00E52E5243 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:11:43.0420 0x10e8  ShellHWDetection - ok
00:11:43.0451 0x10e8  [ 7CA2E9B6EDC87FCCA9C49D3D9BE62B65, 3FE1A2DD8581BF8D29EA2000424EB992BCA8E00986F107C22489D006F729D2E3 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
00:11:43.0530 0x10e8  shpamsvc - ok
00:11:43.0545 0x10e8  [ 2339F6B45E1D863B1D327F3AFD75A675, 03304ADC42EF6E8F671C8AA78A0D3E40408D870FBF2DA2B31A1727F86EF8F213 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
00:11:43.0561 0x10e8  SiSRaid2 - ok
00:11:43.0592 0x10e8  [ F520D50AD7266ED31D25DF4C8EA6BC2D, F68CF9EFB8319E59A8D9C24A36A198185DD79CBACD14510F5450F0024F0CD4D3 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
00:11:43.0608 0x10e8  SiSRaid4 - ok
00:11:43.0686 0x10e8  [ B72B80E6FF423C5011E745CB76DA9A08, 18A6B9D46E91AD4D463EB5CB832702392D2E162577F90C328B515FCE69FABD15 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:11:43.0733 0x10e8  SkypeUpdate - ok
00:11:43.0764 0x10e8  [ 70A2FD5F5B7B1A5E1146BE45E4DFB75D, 598824F06BBC2E37B9A6474411637C73233C8D2E13AE963C3229279A8519A9D3 ] smphost         C:\WINDOWS\System32\smphost.dll
00:11:43.0795 0x10e8  smphost - ok
00:11:43.0842 0x10e8  [ CB001810FD0C56F1D57229D023A84AE8, E423B53EE3A3710D6F45CD14C8BA5EF8E955344C8477385D470E6687FC661A75 ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
00:11:43.0905 0x10e8  SmsRouter - ok
00:11:43.0936 0x10e8  [ 9977AFF389C0C32DE419226564886E09, 453ABAB020E3ACD04A45BD05B224C182A47534C23023C4E1AD1903E5377B3CCF ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
00:11:43.0983 0x10e8  SNMPTRAP - ok
00:11:44.0030 0x10e8  [ 2334ED0B61CAE7E7B1B454674206CDAC, 4EAA11805C2282E0306A381CF56E4B28D83C68BA1B401BFD512AE70C05C8A4CD ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
00:11:44.0061 0x10e8  spaceport - ok
00:11:44.0092 0x10e8  [ F3F0B8CAC1F3E6C3382EAFCE762475AD, 9F2EB373FB9216CDA71965979EE5E18F3AFDD26FF7E0C09DD7C3D880205C2554 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
00:11:44.0108 0x10e8  SpatialGraphFilter - ok
00:11:44.0139 0x10e8  [ 83E82B0E292DCDE4C75B9241BF0FB300, 494D2FD4CD082CC416CA5FF1ABE06BDC65A769F371CF0E18AD25C380B45AEE32 ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
00:11:44.0155 0x10e8  SpbCx - ok
00:11:44.0201 0x10e8  [ 10CD42898C9E4849193E78A87337B2E9, 7C4FCB36EE1AF92C6962F14AE6DEF2CB154468EC3963DCDB9BDF8398C98B475B ] spectrum        C:\WINDOWS\system32\spectrum.exe
00:11:44.0264 0x10e8  spectrum - ok
00:11:44.0311 0x10e8  [ 29D813B5D84BC2C26BBC607CAA57A675, 2C4D5F4E2F7B6580E22ABF67690B0D32CAF5063DEA79E6F57E565782973F3990 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
00:11:44.0373 0x10e8  Spooler - ok
00:11:44.0558 0x10e8  [ E910861720DE6EDFB5CC6158CE3C7E17, 526BA8EEB9EE5312FEC39753D728E05F49AD81132346A354C95D4D4938001E2B ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
00:11:44.0779 0x10e8  sppsvc - ok
00:11:44.0826 0x10e8  [ 36EAC4FE629FC036632F13EC14788FD1, 6AEE37816306FE46FA99EADB23E98CE6A6674C11ED847F1F5575926E26B09F9A ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
00:11:44.0873 0x10e8  srv - ok
00:11:44.0920 0x10e8  [ A84B05C7C2A233497BE1D518A662C326, 85B291B6783AD48F2111B46050311A553BE6D6A7C3D90861DC010FA65730D2B5 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
00:11:44.0967 0x10e8  srv2 - ok
00:11:44.0998 0x10e8  [ 0351B28EEDFBD6C8CC69A7224A098CFA, D1D08D63F773CAEEA66585D090C073C0748AE96A2AAE8487E4B8BA54F7E59558 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
00:11:45.0045 0x10e8  srvnet - ok
00:11:45.0076 0x10e8  [ E95A6C339AE68515897B2E4C6B0842CA, 29DD7E83CD68432EAE4A7ED92CDA40AA52028F5FBB52152F0A1C752B572C2684 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
00:11:45.0139 0x10e8  SSDPSRV - ok
00:11:45.0170 0x10e8  [ FBD45746B2EDEECA10CCA6A861F8049B, 34383B0A07A93E0FA89CA32CD45AC5061F73723B2A9E0BF4AF93A53F70F1678E ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
00:11:45.0201 0x10e8  SstpSvc - ok
00:11:45.0232 0x10e8  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
00:11:45.0248 0x10e8  ssudmdm - ok
00:11:45.0451 0x10e8  [ F1A5AC00B8CD7E28BBC8DD7E60D48B65, AC185DD46A8B63500DDE74C2446F6409B0B4612068C33B4B7C30E43F389908DF ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
00:11:45.0648 0x10e8  StateRepository - ok
00:11:45.0695 0x10e8  [ D40C589F80EB1C511263D0547C0259AE, A0236F6BB515AE006CC4C9F40FCCE250407888757A3646BB4BCB59EF8EEF1311 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
00:11:45.0726 0x10e8  stexstor - ok
00:11:45.0773 0x10e8  [ F83F43CD328E6CEEAAC27612F3EB1FF5, E3D35E5154CD228301806706E6EADCA36E9113EAF44BC06E3C43B2E902187326 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
00:11:45.0820 0x10e8  stisvc - ok
00:11:45.0851 0x10e8  [ 576A818562069B1E091CC719C143AED2, 48880CF4D33033E9A6024C2A0AD673AFBCE400C74574913F8E24717BA6BADE7C ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
00:11:45.0867 0x10e8  storahci - ok
00:11:45.0898 0x10e8  [ E5F703788DFA05411F1469E96838F438, A7E8D2DC23E23EA52B068C71D9387E69FF49798A27CE0243A994A2B1B09FA042 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
00:11:45.0914 0x10e8  storflt - ok
00:11:45.0929 0x10e8  [ 0D0128244FF55EAD3F878D3FE542DBA5, 4FCFA1B2113E07264A71A22298CA6E9FDC2AB722E0AE184A8F5656C18113A858 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
00:11:45.0945 0x10e8  stornvme - ok
00:11:45.0961 0x10e8  [ 3A62FF78619258E6126C5C4B4CC82C8E, C72CC295680B35E0EEE5A5310E0241E2FFE0E540BFAA49C35C06AA882229C1CD ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
00:11:46.0007 0x10e8  storqosflt - ok
00:11:46.0054 0x10e8  [ 212CB512B785E218667CCA56C4BFD71D, 5FD4CFEE5AB2187D928632076E6AD5C2C53D66884479C4D34930DCFCA3CCEE34 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
00:11:46.0117 0x10e8  StorSvc - ok
00:11:46.0148 0x10e8  [ C6097966F8EA3B288070CDF7C3C8C3E8, D12C4AF3E54DCE1E5DC9C8AA0E83420F481DC0165A7F7845083A85BABC102D37 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
00:11:46.0164 0x10e8  storufs - ok
00:11:46.0179 0x10e8  [ 3DC3B17E92DA02E36B4138733DF6C1AC, 398F20B6D6DAF6DA950C149F63F3B23864E1478119BFE53218C220CEADEC800D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
00:11:46.0195 0x10e8  storvsc - ok
00:11:46.0226 0x10e8  [ D284AB2CA6C30317D142D38CE1F848BE, 4C9EAE174F5C673CA550C9382E85CE7DAF5DC9965495BAB09078B634A4CDD4FB ] svsvc           C:\WINDOWS\system32\svsvc.dll
00:11:46.0258 0x10e8  svsvc - ok
00:11:46.0289 0x10e8  [ 2BC4D0EBC2467FE90302AE0AFAF23768, CF8BCC9CA1FBA8407FD044613A2497BEEC641DE463B076F0ED1FA7674C202ADE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
00:11:46.0320 0x10e8  swenum - ok
00:11:46.0351 0x10e8  [ 13985DA558FBCBFD9108A2CACB5FE494, DD457A73E82147AA90C36D695A47E862FF90D96FB1E22760FAB5780F7C332A46 ] swprv           C:\WINDOWS\System32\swprv.dll
00:11:46.0398 0x10e8  swprv - ok
00:11:46.0414 0x10e8  [ 572F81CF08972D53BAFFC2A110A2A586, D9AF8EBB31CE097849F93FC8C0F06178B2E1CA8C48D08BBDD85174CCD64A16D6 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
00:11:46.0429 0x10e8  Synth3dVsc - ok
00:11:46.0492 0x10e8  [ 7C29BBF63178BB6788AD1C2B231150A5, 5114AC1260C5447D3B21C7C56D825C1E77FCE388C5630D0200C8256F69EFA6B4 ] SysMain         C:\WINDOWS\system32\sysmain.dll
00:11:46.0554 0x10e8  SysMain - ok
00:11:46.0586 0x10e8  [ 97E0FD613D031EAA73E8AD259169AC22, E86E9B9C18AF2E79D7CF80B177A12D89418CDBD3CBB74307809DD0377408DB82 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
00:11:46.0633 0x10e8  SystemEventsBroker - ok
00:11:46.0664 0x10e8  [ 7750219DFABC38261575B6CEFBF84EC6, 50DF85E34AF7C1343281AD0EF34FD94AB0E279DA5C61976ABA0135B8F013C543 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
00:11:46.0679 0x10e8  TabletInputService - ok
00:11:46.0711 0x10e8  [ C1C6A802C2A9A57029D4347E251F4D18, 9F75B7F003C829FFDB2CDC98231D32FE988754D23873048FA4F6EB82ED1DCED4 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
00:11:46.0742 0x10e8  TapiSrv - ok
00:11:46.0867 0x10e8  [ D8D7A91B56DEF4A771A4414E9F07D138, 47712749937D945B15181F79D3FBD0151C021E0F4030E152CED88C96F1D072E6 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
00:11:46.0976 0x10e8  Tcpip - ok
00:11:47.0054 0x10e8  [ D8D7A91B56DEF4A771A4414E9F07D138, 47712749937D945B15181F79D3FBD0151C021E0F4030E152CED88C96F1D072E6 ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
00:11:47.0148 0x10e8  Tcpip6 - ok
00:11:47.0211 0x10e8  [ 1C35A5C62D110346379C55E39A3D547C, 5BDBD593AB51ECA5A6B703E86F300E3B2B153E128BEB9A006ABD827AE726BD62 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
00:11:47.0258 0x10e8  tcpipreg - ok
00:11:47.0273 0x10e8  [ 892AB2637603A5E9507C39E61101C3C3, 04B06BBEFC033BC9395123AE623E0BB3A241F05AA93EA2625CF2DBE1B3FFD1B6 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
00:11:47.0289 0x10e8  tdx - ok
00:11:47.0304 0x10e8  [ 96A35CDBA661D41C5A3914257CA1D200, 691ABBAA99C673E7D0B81D811BCC60976C3EC050F2B39B35B87A3BCC211F119A ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
00:11:47.0320 0x10e8  terminpt - ok
00:11:47.0383 0x10e8  [ 0B5C6D1683CDE89B3488326C60EA6EF2, 3B822CF005FA3002F27FF9BF39E7E133987230DA3481CFCF99F3B2B6B373A718 ] TermService     C:\WINDOWS\System32\termsrv.dll
00:11:47.0445 0x10e8  TermService - ok
00:11:47.0461 0x10e8  [ 6568EF1B30101979107055B7E515EE58, A318082E5FDD79C9F85E8C00A78EBFA0EC44B1046976E85633DC7BD123DA38B9 ] Themes          C:\WINDOWS\system32\themeservice.dll
00:11:47.0492 0x10e8  Themes - ok
00:11:47.0523 0x10e8  [ 2ABC11CFC2F03A919AF78A6E3E29C570, 54D91F89993A0FF090E2213EED92DE3659DCB693FBDA5932E31C6D6D7CFC8E80 ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
00:11:47.0570 0x10e8  TieringEngineService - ok
00:11:47.0633 0x10e8  [ 8949EED671F531E7B4A0FD7333CCC125, 2D55A1B4FD6843A11383BB71D0409943CA0C47350153F3EDAAA3CADFA4A3504A ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
00:11:47.0679 0x10e8  tiledatamodelsvc - ok
00:11:47.0711 0x10e8  [ E59D4F92FE11B47AB727C6D192CC977F, 1DA06663889A20A1B22DDF90E5C99A5668023C0B89E252F3E820C0D1964B1948 ] TimeBrokerSvc   C:\WINDOWS\System32\TimeBrokerServer.dll
00:11:47.0742 0x10e8  TimeBrokerSvc - ok
00:11:47.0820 0x10e8  [ C83505A5CC15E39D6C6D7B3C20187E5C, A6AB47C041A7C99CB0D5EA706CC31B3D88DC83BAF5AF7E59F651F9D7068D94B2 ] TokenBroker     C:\WINDOWS\System32\TokenBroker.dll
00:11:47.0883 0x10e8  TokenBroker - ok
00:11:47.0914 0x10e8  [ F76A92975340DAA99939DA297D677EA8, 51DA87E921BBA21BF39D7D9B691CEF8B1D2BCE2BBB0BA5B3C12B7E98CB5C702E ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
00:11:47.0945 0x10e8  TPM - ok
00:11:47.0961 0x10e8  [ 85E0D4431D61675A94EA99C9E1F56436, 9FA750703E04D20A62DBB0185CBDD70AFC4573FB65F86E61AAF7CF7A7D8E1E3E ] TrkWks          C:\WINDOWS\System32\trkwks.dll
00:11:47.0992 0x10e8  TrkWks - ok
00:11:48.0054 0x10e8  [ F21A69013A67B372675F523262AC1E33, C3F910E375C0F4B7FFA6F6D755622FF6B0CAE36DF691C938DE177C94815FE3C8 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
00:11:48.0101 0x10e8  TrustedInstaller - ok
00:11:48.0133 0x10e8  [ 9856BCCD1CD5DE4D17E8DBBA7CEFC688, F4B532DCE6F4728092848FE7B2FC05AB921EC7B3FDD7E62AB40EE0029C008398 ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
00:11:48.0164 0x10e8  TsUsbFlt - ok
00:11:48.0164 0x10e8  [ 837AD2B941E721BCCEB7EF137E2DEE18, 84BE22616A50467B1957434C8BD19C8B0FC3B21CD77FFB8E16A09347CEAE0F4E ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
00:11:48.0195 0x10e8  TsUsbGD - ok
00:11:48.0211 0x10e8  [ B3142C6118703E98EB0510CF7B43D0F2, 40FDCBAA2AD93026AD479BF8C1B4EE7A4E2E65590608B6B1C5DEB3C4716E5C03 ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
00:11:48.0258 0x10e8  tunnel - ok
00:11:48.0304 0x10e8  [ B097B77121A057AB6D70C647636978D4, 10F78A18AC898CDD0FA91D6FA29B8B45C6D8F6CE65B064C39256EB20FC6CD085 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
00:11:48.0320 0x10e8  tzautoupdate - ok
00:11:48.0351 0x10e8  [ B4C846ABD462558D45CA578C855759C3, E0F0DD39A6C101C2209CA46EF2B5A5F4559843C9EE37CC08ED78D9E124A566D2 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
00:11:48.0367 0x10e8  UASPStor - ok
00:11:48.0383 0x10e8  [ 5C2C0296D9EE7DC92A3F14642FBE656D, 94A7D549EC53C71095AD8DE4DB8F846D1DB3438FE2679E41DCAE62C34C0654DD ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
00:11:48.0414 0x10e8  UcmCx0101 - ok
00:11:48.0445 0x10e8  [ 8BB64E04CD97AD8C68543181D93E2AFC, FBA2FB9A9906721BAD42CDFFCCE0234AF3F72B83E2571E526801F19173B7C9CE ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
00:11:48.0476 0x10e8  UcmTcpciCx0101 - ok
00:11:48.0492 0x10e8  [ 5A7CE114C8DA9060F32633F81A5625E5, B49163951B380827ADBF13D336D5BDC1EEE90A70058019928A603AA1C24D8EB7 ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
00:11:48.0508 0x10e8  UcmUcsi - ok
00:11:48.0523 0x10e8  [ 5D4EAF3D0911338CB8FDB088386D6DCA, 1AC5B494C39570E66C4D4F867C6B8E37C174FB5D67C2865B07247122F60F8895 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
00:11:48.0555 0x10e8  Ucx01000 - ok
00:11:48.0570 0x10e8  [ 384E1F0D84B465820416338E52FE7C2B, 8F82778332EA1199987BA569536CBED8FEAF5E9D920321B0C9DFCBDDD91EEA35 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
00:11:48.0601 0x10e8  UdeCx - ok
00:11:48.0633 0x10e8  [ C82BE75239D412057C9E3DB1785680C6, AE712E40440F5725DA41C95C3E558B5E9ABB17C55B70297DD40D7D1BDA7CE45D ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
00:11:48.0680 0x10e8  udfs - ok
00:11:48.0695 0x10e8  [ CCDF6EFF952BF3BF34DC17600F479397, 2A2009B3C4BD1A44F1C6E334CB0A7DD02443BCE1EB48837C1C70A2A04CC7C54A ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
00:11:48.0711 0x10e8  UEFI - ok
00:11:48.0726 0x10e8  [ 00BEF71C45FD6B06E7525E7B31EFA88C, C0BDE8CB41BF9A34E395EA86756637E4CD6B88EF1C842364ECA639948D6CD59A ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
00:11:48.0758 0x10e8  Ufx01000 - ok
00:11:48.0773 0x10e8  [ 9450AB15C30CF7D1F23C8A42E778C3A2, E62455008ED5B7220AEE62E0F459A67E26FB2878349ABA5AAF0164C2E7A8C0E9 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
00:11:48.0789 0x10e8  UfxChipidea - ok
00:11:48.0820 0x10e8  [ CEE12C7A689BDF448715024A7E0EB9C3, EC48E1469800E34A71C8A97A6F2F0B7C67385BCB8438844E6967DE0A82E39B94 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
00:11:48.0836 0x10e8  ufxsynopsys - ok
00:11:48.0867 0x10e8  [ 5A2F610B31CC3FD23D3E20C1D5F1EF52, D470B7C1CAE066C2DCDBA47001913FB1A7C9CC5B200FB8324DB896B641C1A132 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
00:11:48.0898 0x10e8  UI0Detect - ok
00:11:48.0914 0x10e8  [ F39ED750EDF5948FA8CD99D1F4EC9372, AE42AE50DE09F26D3CA4ACDCD5ECABD59D26926707030F0532A885266FE83EF9 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
00:11:48.0930 0x10e8  umbus - ok
00:11:48.0945 0x10e8  [ 55984D4E64C2F8E4223542CBCC15EDEB, ECBC832FBBA6AFCAEDEBB2728FA4A6DDCF52A6421929E72CA29B61CDBED840DF ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
00:11:48.0976 0x10e8  UmPass - ok
00:11:49.0008 0x10e8  [ FBEF4641E3E08A03CA84AF5C393CA86B, 9A14A0FB645AB6DD0B49F3A14FBF38FECC65796F2503324E93994113CC7AD52F ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
00:11:49.0039 0x10e8  UmRdpService - ok
00:11:49.0101 0x10e8  [ 3699DED879B2FF8FC1ECE91489109796, 05B1283256F6CA6AF3ABBE003360BF0BAB3400223092E7E9F0822120BF576BD2 ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
00:11:49.0164 0x10e8  UnistoreSvc - ok
00:11:49.0273 0x10e8  [ E1A119AD21F5AFE22EB516C549306D3D, 48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:11:49.0289 0x10e8  UNS - ok
00:11:49.0336 0x10e8  [ BBB6BDBE5ADCE6F87F70623D5A1EC5BC, E8BD5804FF82417890A9D1A44096B174E81A8C7AD3059B1F0C62740E0B39D137 ] upnphost        C:\WINDOWS\System32\upnphost.dll
00:11:49.0383 0x10e8  upnphost - ok
00:11:49.0414 0x10e8  [ 4D23214CB8B1C36B82061280EB8FDAB3, 387C01A7F9D8F89ED894EDF894AAAF8830DD7C90DF2F12A2CB4C4E9C7CB773BE ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
00:11:49.0430 0x10e8  UrsChipidea - ok
00:11:49.0445 0x10e8  [ 4329D880DB96B504F0DDC991A7374CCD, 1486BEF2C03ED281B24A17D3C18FEA2360E37A6B46D1A67D4690CD871B0A13DA ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
00:11:49.0461 0x10e8  UrsCx01000 - ok
00:11:49.0461 0x10e8  [ 93FAD0AC5879F274FA248A49E3F3EA33, D936F408E23040B33F30AB3B43D8B8BB9F3CCF2549E821F4C47357987AFF386F ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
00:11:49.0476 0x10e8  UrsSynopsys - ok
00:11:49.0539 0x10e8  [ 6B09AA6A04C8261E787B6523229E7159, F97BED424E988AC6272D51025FD0D3180E89BAF0FFC83DAB609774D6269B353A ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
00:11:49.0601 0x10e8  usbccgp - ok
00:11:49.0633 0x10e8  [ ECE3AD18B4C22ED0C4AB1A2AD9AC32C8, 2062D400305075E886CF2C9D710A1C48B3F4AD48E7A75A77C66547357E96CB6E ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
00:11:49.0664 0x10e8  usbcir - ok
00:11:49.0695 0x10e8  [ F8BCB536866474C6D8008F4C69B778A1, F86F4330DE2F50D48559C1ED46168ADB8F6AA7C8FE3834FFE00085C1783C5750 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
00:11:49.0711 0x10e8  usbehci - ok
00:11:49.0742 0x10e8  [ 1F723DA014062DBF3288B408A7611845, 0CCC9360259E6FBC510BBF69AE991A53A92516023AAC32C60A44BD3B43371C66 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
00:11:49.0773 0x10e8  usbhub - ok
00:11:49.0789 0x10e8  [ C3F953D10C486D6A190AF548B3CF7DC9, B0FB45B3045D499A44853A9D4CFD39C9D92873FC0A62A3D76B6149E601DFECD8 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
00:11:49.0836 0x10e8  USBHUB3 - ok
00:11:49.0836 0x10e8  [ BE6ED98FD0D3FE5FB11762AD7CCD6C96, 54C6C929CA55EA6770474F7E230190FC7574C1FA52437B564B3B5FA4D6106D8A ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
00:11:49.0867 0x10e8  usbohci - ok
00:11:49.0883 0x10e8  [ CEE43CD5357DB8786CE6E2C430841AE4, 50F4629AE488A12D18EFFAD486D2F95545049AB1F6A3248BA44D2132EEC9A653 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
00:11:49.0914 0x10e8  usbprint - ok
00:11:49.0930 0x10e8  [ 99F0738B320B7A8D11351A32F68AA5F1, DAA887C31E3F56245C15F04044C12B6E832FA7E837F4107376A6F8D8E3A99FEC ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
00:11:49.0961 0x10e8  usbser - ok
00:11:49.0976 0x10e8  [ 67E26F56CF7EACCBD9C9F75343A3D7C2, 210FA280897CCCB2458E9E683A8B4CA8A5DF9606B54F8B9CE05CA4AA6FD810AB ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
00:11:49.0992 0x10e8  USBSTOR - ok
00:11:50.0023 0x10e8  [ 7BA802C9F73A84B75BB22538ADA495BE, 7D97E6305168C4CA86AB9BD5B63300156DFE97032251CB83DB1D4C4DB9C28DC8 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
00:11:50.0039 0x10e8  usbuhci - ok
00:11:50.0055 0x10e8  [ 1854D3C5FBBA761BE838B58F2C96B3A6, 12042C28884F417C6B36648FC0CA8FB75D8732542B6384D8362E7BC9C8417C3E ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
00:11:50.0086 0x10e8  usbvideo - ok
00:11:50.0133 0x10e8  [ 50E70B3A95138AA4A30B095270EE0DE6, 9B7072C36230102A089C4A6DFE1980CD9DB28E566EF02830600DEBAF3AAD31C7 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
00:11:50.0164 0x10e8  USBXHCI - ok
00:11:50.0258 0x10e8  [ 3156FFFB2B3BF5375814F777D343AD9F, C4E63043EB9D9227CDD487608AF9BA25C755D85E5FF8E63C2079D68CCC79E4BB ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
00:11:50.0351 0x10e8  UserDataSvc - ok
00:11:50.0461 0x10e8  [ C0E60CC6D48013728C7E4168D61A0B39, CA283312E9669BCC74A3B5E6332502D1CAA7148C049B94AF3996F3C7CD2676EF ] UserManager     C:\WINDOWS\System32\usermgr.dll
00:11:50.0523 0x10e8  UserManager - ok
00:11:50.0570 0x10e8  [ 86FF5780D885B09F3C4CD62145470CB1, B0070E3567A7F8E993F2650E251026DF0A4FA0D3F5258C4F88D9819F9B9EC395 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
00:11:50.0617 0x10e8  UsoSvc - ok
00:11:50.0633 0x10e8  [ EABFCDA6E996F8A32DC1B302F7683BB2, 5FF2BA89D9A7BDE78C40866F15EC576527699ADD0F120E1A8388C4404A69F0E8 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
00:11:50.0648 0x10e8  VaultSvc - ok
00:11:50.0680 0x10e8  [ C1EC9211C7759D2487FD30934AA3EE96, 6914BB8B44550DFE75E5A3772E93ADF8459EB621CA400BDD9B7E3185A09B6F9A ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
00:11:50.0695 0x10e8  vdrvroot - ok
00:11:50.0742 0x10e8  [ 374CD93271184F04988FDC1C25B3E855, 09727093C5F7B258867C16D41F7F9835BF549CC339288BFE01A8F34AC7E93E23 ] vds             C:\WINDOWS\System32\vds.exe
00:11:50.0805 0x10e8  vds - ok
00:11:50.0820 0x10e8  [ C83F3BC00651448DB127D497CF955089, 31B8838CEED08E7D5DD8635A805A8010798BD9B10A3775FAFDB576FBD7303D39 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
00:11:50.0851 0x10e8  VerifierExt - ok
00:11:50.0898 0x10e8  [ 0E12F5F6B1C813D17AFDA197C4394423, B0AFDFE0E12633C6D984DA366197BE09ED2649BAFF525FA0DE84701E5B335DB9 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
00:11:50.0945 0x10e8  vhdmp - ok
00:11:50.0961 0x10e8  [ 1AD096A5C00E522398D0092D875A8CB6, 6959FCD6DD2115CD293DBD4BCD6D1BA0AE4F7495A9BBB48F7388384EEABB38E9 ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
00:11:50.0993 0x10e8  vhf - ok
00:11:51.0015 0x10e8  [ EE9A22CFD9AEDD7B52F98B0272494609, F668131BABD048857F011A471936B52EDF0F2A42CB6000ACB4E0E43F88782AAD ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
00:11:51.0032 0x10e8  vmbus - ok
00:11:51.0048 0x10e8  [ BFBD0895926FD98A03AD6BB845B569B7, 5B7913ACD6CC132B2F36B079BC5F897C21884A7F21046B8996CC3D74C4B6DA4C ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
00:11:51.0063 0x10e8  VMBusHID - ok
00:11:51.0079 0x10e8  [ C123C97D351C56C75FE5335AB18255EE, 67315E332E863E5C233BA113826A5DEEE08C1A0A3358E6AC21F25DC5EAC86D07 ] vmgid           C:\WINDOWS\System32\drivers\vmgid.sys
00:11:51.0094 0x10e8  vmgid - ok
00:11:51.0126 0x10e8  [ A9C889CFDDE704A15CDC639C3D6662B6, 9EE41886D9E8DFDB512B821EAFE1857E83A3C3318EB852A2C110DB8184346AA9 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
00:11:51.0173 0x10e8  vmicguestinterface - ok
00:11:51.0188 0x10e8  [ A9C889CFDDE704A15CDC639C3D6662B6, 9EE41886D9E8DFDB512B821EAFE1857E83A3C3318EB852A2C110DB8184346AA9 ] vmicheartbeat   C:\WINDOWS\System32\icsvc.dll
00:11:51.0219 0x10e8  vmicheartbeat - ok
00:11:51.0219 0x10e8  [ A9C889CFDDE704A15CDC639C3D6662B6, 9EE41886D9E8DFDB512B821EAFE1857E83A3C3318EB852A2C110DB8184346AA9 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
00:11:51.0251 0x10e8  vmickvpexchange - ok
00:11:51.0266 0x10e8  [ F8F380ABEAFBC589FF6D2D96267C1210, 0CFA3D9E88D984BAFED8E08102BF4DC4077856C6C8C1EBD8D4C4D0D49B673F44 ] vmicrdv         C:\WINDOWS\System32\icsvcext.dll
00:11:51.0313 0x10e8  vmicrdv - ok
00:11:51.0344 0x10e8  [ A9C889CFDDE704A15CDC639C3D6662B6, 9EE41886D9E8DFDB512B821EAFE1857E83A3C3318EB852A2C110DB8184346AA9 ] vmicshutdown    C:\WINDOWS\System32\icsvc.dll
00:11:51.0376 0x10e8  vmicshutdown - ok
00:11:51.0376 0x10e8  [ A9C889CFDDE704A15CDC639C3D6662B6, 9EE41886D9E8DFDB512B821EAFE1857E83A3C3318EB852A2C110DB8184346AA9 ] vmictimesync    C:\WINDOWS\System32\icsvc.dll
00:11:51.0407 0x10e8  vmictimesync - ok
00:11:51.0423 0x10e8  [ A9C889CFDDE704A15CDC639C3D6662B6, 9EE41886D9E8DFDB512B821EAFE1857E83A3C3318EB852A2C110DB8184346AA9 ] vmicvmsession   C:\WINDOWS\System32\icsvc.dll
00:11:51.0454 0x10e8  vmicvmsession - ok
00:11:51.0485 0x10e8  [ F8F380ABEAFBC589FF6D2D96267C1210, 0CFA3D9E88D984BAFED8E08102BF4DC4077856C6C8C1EBD8D4C4D0D49B673F44 ] vmicvss         C:\WINDOWS\System32\icsvcext.dll
00:11:51.0516 0x10e8  vmicvss - ok
00:11:51.0549 0x10e8  [ 0AB9C264F13E2A070A8CF10EDD099ED2, 2E7EB4EE8DCBBCA497CC0E7F4BE057627E9702B6FAF56A7DBCA1325236C880EC ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
00:11:51.0561 0x10e8  volmgr - ok
00:11:51.0592 0x10e8  [ 6EE608257C1137A25B402EF8FC77E83A, 3AE684EBA32563468AD917155C93220F938460A699FBFC3DB8436F83C0C54209 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
00:11:51.0623 0x10e8  volmgrx - ok
00:11:51.0670 0x10e8  [ E3429DBBEA3965BB96E24B16EF4A2551, 0CEE2DEF75C6761DA67AFD3BBF8DEEB1331796719EB84D658B3E517DEC824B49 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
00:11:51.0709 0x10e8  volsnap - ok
00:11:51.0709 0x10e8  [ 86E790B503C771E674C7DF8FFCBFEFDB, 634B27C4FA363A2165D3D6929D3B22F41EE06198C579A70D446A48830924467B ] volume          C:\WINDOWS\system32\drivers\volume.sys
00:11:51.0725 0x10e8  volume - ok
00:11:51.0756 0x10e8  [ B25589A0892E6DF8CC07E5CB48BFC954, DA29974426EFD4472A3828FA0EF31AD3860AA8068AB66B5F4BE6A412BC3E73E9 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
00:11:51.0771 0x10e8  vpci - ok
00:11:51.0803 0x10e8  [ AA4466A47D2CA7ECE3DCF5256017DCC3, 83414BFBD3DF1CB7417F0F55709E8180D97FA20A74581C34EAAFF667FBEBFD93 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
00:11:51.0818 0x10e8  vsmraid - ok
00:11:51.0912 0x10e8  [ 0BB73BF6FDDD19DE3DE9377EA95E4C64, 74B6E612F9E009A5E43B603BCAD854F3711F6C8A7ED0328B1E3A9B2D4C9EA342 ] VSS             C:\WINDOWS\system32\vssvc.exe
00:11:52.0021 0x10e8  VSS - ok
00:11:52.0068 0x10e8  [ 98BB6C9AD39D8F2E883093F28282FAEC, 63F4036A1DB23C20AAEEC1CA8ABDE9B46FA09A55EA4E5DB0C0B5D6D58ABAD62F ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
00:11:52.0100 0x10e8  VSTXRAID - ok
00:11:52.0131 0x10e8  [ B47026E109828102266CBE2F5F9AD113, 28C76B34C48BACEA267A208CC758BB55539323B16300E869AE71B6A99A849AB5 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
00:11:52.0178 0x10e8  vwifibus - ok
00:11:52.0193 0x10e8  [ 799ECD541A9B2764B36A22A095885365, E255E74682927D662294AA3F88FDA211EEE603466EB264E8941C3BACC6A0E530 ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
00:11:52.0225 0x10e8  vwififlt - ok
00:11:52.0240 0x10e8  [ 82CA088A33517D1C8571D6850CC13D7E, 0401A08EAF36DB393B74FE8693C60F62EDE10BBC9300C76812C7D01B6AE9A051 ] vwifimp         C:\WINDOWS\System32\drivers\vwifimp.sys
00:11:52.0271 0x10e8  vwifimp - ok
00:11:52.0318 0x10e8  [ E75460AC4E936BFC0703021DB0BB17B8, D9985C3206B503659FD2F4EE7FD0B9AF8CB2DE821BFD68B13C9E3BD9CE5AEF6B ] W32Time         C:\WINDOWS\system32\w32time.dll
00:11:52.0365 0x10e8  W32Time - ok
00:11:52.0396 0x10e8  [ F0F477541F7AF67CC05DA1CF4921A500, F7DD2F49B61C484596DE3893683B1172A138386BD71F54BFCF37A31005C7368F ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
00:11:52.0412 0x10e8  WacomPen - ok
00:11:52.0443 0x10e8  [ A0957CBC1C054A87EE7A65A994102A96, CB6339F3F67D0E33C26E6756F88869574B84426B20C907E094F83B9DC5E36A3E ] WalletService   C:\WINDOWS\system32\WalletService.dll
00:11:52.0490 0x10e8  WalletService - ok
00:11:52.0506 0x10e8  [ FDD16EF9177A8A2EF08A7FA3D3EFAA13, 148F34CBEEF0CE87103C76294AE5BE318F990A5FE7A5EDE6F47D85361248582B ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:11:52.0537 0x10e8  wanarp - ok
00:11:52.0553 0x10e8  [ FDD16EF9177A8A2EF08A7FA3D3EFAA13, 148F34CBEEF0CE87103C76294AE5BE318F990A5FE7A5EDE6F47D85361248582B ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:11:52.0587 0x10e8  wanarpv6 - ok
00:11:52.0665 0x10e8  [ EA0524A2A01792796EC80AE2FE08307A, 68CC0F3451C6797222411C276376C7741C96C45E628DD77FB1FB17C10DC0EA8A ] wbengine        C:\WINDOWS\system32\wbengine.exe
00:11:52.0759 0x10e8  wbengine - ok
00:11:52.0821 0x10e8  [ 5E3E24AA72FA75D6322C7286917BEB4A, 97D0CF00873A5A70C1B4A73AD41F4053B22810DA37FF2E8528D510216311FEE1 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
00:11:52.0900 0x10e8  WbioSrvc - ok
00:11:52.0931 0x10e8  [ 2B7CCCFBB166100842D31440228588CF, FC0BE611C5497A0579E7D8F268BBE1BD520A8A764F112C7C5CC631767B683B79 ] wcifs           C:\WINDOWS\system32\drivers\wcifs.sys
00:11:52.0946 0x10e8  wcifs - ok
00:11:53.0009 0x10e8  [ E00FE13E415C97C60E5A418965372A74, E74EBE34D3056F52231C7B12E6294AED1C4F02219E853D5E70AA05D823C800D5 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
00:11:53.0087 0x10e8  Wcmsvc - ok
00:11:53.0103 0x10e8  [ 2C396871F724DDF871A2EF4CADE5151D, 8CAD8A393F0CC447432E1BED21A691E25356F7DBC06E3887138A6F86CB1D656D ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
00:11:53.0150 0x10e8  wcncsvc - ok
00:11:53.0181 0x10e8  [ 1737BEF60CA384423CE4B32AF1C2BFFC, D61353D3B2EAEDFDCBB5DB3AD27E76396CC7755AFF01233307EAA1967493DE63 ] wcnfs           C:\WINDOWS\system32\drivers\wcnfs.sys
00:11:53.0212 0x10e8  wcnfs - ok
00:11:53.0228 0x10e8  [ 38130C1C5FE0E08820EE57E1B087B659, 3705AA4699D4C402C0BBC5BC4E1EE67CB4A4B9C27702E88952A76891C3A3F496 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
00:11:53.0243 0x10e8  WdBoot - ok
00:11:53.0290 0x10e8  [ 0C6CBF3490EE5F0D62B5820568CA30B8, 97EDEC84DA72A900D7740B8763DDDAB600628F3F1E1DDE1212383C2E60FDC77C ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
00:11:53.0337 0x10e8  Wdf01000 - ok
00:11:53.0353 0x10e8  [ F7B6CB0F9ECD28848E2BDACEAB0D9204, B64D91A36600AEBE656F0514AF8653C294DE88054FE6DBB7B1A6D0A23D2A5131 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
00:11:53.0384 0x10e8  WdFilter - ok
00:11:53.0400 0x10e8  [ 501CB5E6999B7336BE5D0D401013D251, D4581E4FD8BE65D611E763AE88D2982A785036B2A93F2A00D3A3A395AB2AD5B3 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
00:11:53.0431 0x10e8  WdiServiceHost - ok
00:11:53.0431 0x10e8  [ 501CB5E6999B7336BE5D0D401013D251, D4581E4FD8BE65D611E763AE88D2982A785036B2A93F2A00D3A3A395AB2AD5B3 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
00:11:53.0462 0x10e8  WdiSystemHost - ok
00:11:53.0540 0x10e8  [ 2974422E31DBC953A585A065EF736948, B2E689579C12B1A8B2CB4F04875157E894CE747DF56A9B7083E04A8C9B85EAC5 ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
00:11:53.0603 0x10e8  wdiwifi - ok
00:11:53.0618 0x10e8  [ 82A4F22C884B4BAE8B531640859F9871, 1C662557F671FA680E7CC2FC565B198470E421778BD03749CD05B2928568C430 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
00:11:53.0634 0x10e8  WdNisDrv - ok
00:11:53.0650 0x10e8  WdNisSvc - ok
00:11:53.0681 0x10e8  [ 9066FE8EAB91E15437CB3C43757F2A65, 1F8B3D8C90C7862CCAB91D170F49E7F1D58FABAFA1C8DDDE1796404D1DD98707 ] WebClient       C:\WINDOWS\System32\webclnt.dll
00:11:53.0728 0x10e8  WebClient - ok
00:11:53.0743 0x10e8  [ F322B8E6C5614E7975C8BF34B7A6710E, 299816001856E8C91BFBB9C48D87B7ACBD5A39F6A65147F5AE6EDB3065A893E9 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
00:11:53.0775 0x10e8  Wecsvc - ok
00:11:53.0790 0x10e8  [ 04CA184EB5743DE5A2CCEEF2DB2DA8B3, E16921496F57B78A152A103F8D58601C9687360048A6CB51E76A96E3B64CC0FA ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
00:11:53.0821 0x10e8  WEPHOSTSVC - ok
00:11:53.0853 0x10e8  [ BA78F20F7FD7709EA3AAAD91F8535EDA, D1DFBFCBBB8D4D992FBF3B340DB6A2F5DDC7E55F52E1100297EA2004FF752A2B ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
00:11:53.0884 0x10e8  wercplsupport - ok
00:11:53.0915 0x10e8  [ E5AE3B23620126483B957BDFF38FE7B7, 306AAA0B37F3914FE590A5DBFBF640C79173150C006BC7A6CF1683D85C0AFC5F ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
00:11:53.0946 0x10e8  WerSvc - ok
00:11:53.0993 0x10e8  [ 51D61CA3CED9A0C4E5501EEDBD48039F, 95F9CC67537DEABE501B59351624F02126BC9B9DBB72016423FF997090A2128B ] WFDSConMgrSvc   C:\WINDOWS\System32\wfdsconmgrsvc.dll
00:11:54.0056 0x10e8  WFDSConMgrSvc - ok
00:11:54.0071 0x10e8  [ 3C8F0ABD00E197101DCF43FEF8FB0D76, AF5C68B85EE1503ACD4AEA1D997F816C34293A77791D59A605DC18450B4906DE ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
00:11:54.0103 0x10e8  WFPLWFS - ok
00:11:54.0118 0x10e8  [ 2DEB40D6837956CE08A8F9EB3ECA5A01, B40D23E54CDF6BE05D6C5DA536BF6D998E79EDE9C391A42452F9F69EE206EA1E ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
00:11:54.0150 0x10e8  WiaRpc - ok
00:11:54.0181 0x10e8  [ 75014BF6510D4C6C69EEE5B7743A52AF, 11AEEF4D52C35E5A7006713836ECF1198A53CD02736E792B1C698144CA1363F0 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
00:11:54.0196 0x10e8  WIMMount - ok
00:11:54.0196 0x10e8  WinDefend - ok
00:11:54.0212 0x10e8  [ C8EBCFED8FD2CDF725E44AF93016621E, A0B76E55CC535A0F1D79C3C0EC59753086EAB669EC7ADA4F97656DCAD2A69448 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
00:11:54.0228 0x10e8  WindowsTrustedRT - ok
00:11:54.0275 0x10e8  [ D318557F9D7CA3836104F0B8ECB1F32E, 6850BBFB4F65167B052F3CA22FD72E9188A14FD2A9CC085861B4BC40CBA34249 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
00:11:54.0290 0x10e8  WindowsTrustedRTProxy - ok
00:11:54.0337 0x10e8  [ 61F0D6574577499FB43D9F4870B08A7F, 757ACD4F292C43B04B6428D84A7147DE8E565716D94B6B02F288F3B5E2D1C135 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
00:11:54.0384 0x10e8  WinHttpAutoProxySvc - ok
00:11:54.0400 0x10e8  [ 31DDF1D001336B2DCE7DF24E99EF1D04, A1FCABF4A263BFAE042FE7A9F6C15FD9B3D8E985278C32AE8975ECE79B341277 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
00:11:54.0415 0x10e8  WinMad - ok
00:11:54.0478 0x10e8  [ 9A26F7834706A6D8C8824EB08FD7C362, 750F6A0759D70BE481C70FE4BB21D18E756A8F0C23A014C2CE1E7729A1E625FE ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
00:11:54.0525 0x10e8  Winmgmt - ok
00:11:54.0556 0x10e8  [ 2E1A614EFB0523E20860AE7978DDA0A4, E13564690F9977747CA676D3843B467506447F060A5FF6676835A9C7A30BA409 ] WinNat          C:\WINDOWS\system32\drivers\winnat.sys
00:11:54.0587 0x10e8  WinNat - ok
00:11:54.0712 0x10e8  [ 27DAA9AA3E03C1068678D5659461BB32, AFDED6D671C430F296C9EAA73590111D6A8A9FA93DFE0595B90467FFE28EFB35 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
00:11:54.0900 0x10e8  WinRM - ok
00:11:54.0931 0x10e8  [ 03858B18BB6DF6A400D9FC5153FD28A8, C7AD69B022AEFDDDAFB74CCCDF20AF9CCDBA0097634BBBD07A2EFBA5922560C1 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
00:11:54.0962 0x10e8  WINUSB - ok
00:11:54.0978 0x10e8  [ 0BF4A43CF1F3A4D50AFA4561C3B4628D, 2D0B4E7004C8AC8A9EE07E6D5241BF32395CA142BF3B03FA9CF00BC6720A6AC7 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
00:11:54.0993 0x10e8  WinVerbs - ok
00:11:55.0040 0x10e8  [ 11DDD4C9BDF095A5F5B5ACA98FBBF7A2, CFA76C197987CC9EBFE4AC2AD6FE9A9620819B50E9DD423BCE13F7DB5DA641D8 ] wisvc           C:\WINDOWS\system32\flightsettings.dll
00:11:55.0087 0x10e8  wisvc - ok
00:11:55.0197 0x10e8  [ E624376E7E7D9AC203113140D9E618A2, 3553D343665194492E38B8C437DE429CEAC135D69EC0CB951BA3E3A7549F673E ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
00:11:55.0353 0x10e8  WlanSvc - ok
00:11:55.0462 0x10e8  [ 2393C4DB3DF3D19B0B920AD607098E79, D632671247DE3808D9C5B36A3FF173C86BB3AD274D03C851BCD417CE62B3820D ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
00:11:55.0587 0x10e8  wlidsvc - ok
00:11:55.0665 0x10e8  [ E5AB2E0B4F766E34AFC768D9769A24D7, 0DE04B2F43B9DCC92F9215B1058EE4ABA228B9986051CF39959555C12DF017B3 ] wlpasvc         C:\WINDOWS\System32\lpasvc.dll
00:11:55.0759 0x10e8  wlpasvc - ok
00:11:55.0790 0x10e8  [ 0D6E1347A891607759340B1E55BA2A77, 033DF14920A581FE7E21C6930280AE159B5634F2FEAF79423E8D0B7D46500048 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
00:11:55.0837 0x10e8  WmiAcpi - ok
00:11:55.0884 0x10e8  [ F7B122E8A238354DE344B77216E8D9AC, 3C4F864655CFF786B33333E643AA929B2D2B01ECD56EEEEADE7CEAB38249DA3B ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
00:11:55.0931 0x10e8  wmiApSrv - ok
00:11:55.0962 0x10e8  WMPNetworkSvc - ok
00:11:55.0978 0x10e8  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
00:11:55.0993 0x10e8  Wof - ok
00:11:56.0091 0x10e8  [ D571821EDAA1F23EB521314FB9AA1C88, 7F16E6915060BD5FABE0805284631F92EEC11234579D09C3CEDDBF73D312E7F5 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
00:11:56.0205 0x10e8  workfolderssvc - ok
00:11:56.0237 0x10e8  [ 2AD9CC8445F0E1A8900A9DE123643CD2, A5928B26722DFBB201A32DEF48B25D4BF291815EA68CF50CBE79EEA9260A71E3 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
00:11:56.0283 0x10e8  WPDBusEnum - ok
00:11:56.0315 0x10e8  [ 1FD80CBB192A20375F3664639DEB57B5, 7A4789D4B2F8E289726E1C723DC00D5AC1F8C5E00FB2879C9D0E6DDC97D2B1A6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
00:11:56.0346 0x10e8  WpdUpFltr - ok
00:11:56.0393 0x10e8  [ 3369EF007E43B88EAC8F1789B43D4393, 347F9F7DF980BB739895EDFE72E2E595EF56634330DC63DAA36403AB232B5B5A ] WpnService      C:\WINDOWS\system32\WpnService.dll
00:11:56.0424 0x10e8  WpnService - ok
00:11:56.0440 0x10e8  [ 41403B9466EDA80FACD7713478A56DF8, A71BF9C7A2483FE1F660AC9688FCB38BA2310F16A69EB117C948458364953F34 ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
00:11:56.0455 0x10e8  WpnUserService - ok
00:11:56.0487 0x10e8  [ DAF4451760B46CB383D287C4FAFFE97D, 658AFE31EF50E934FEDD2E7048257DBFE9E6DE5F1ACDC658B21737391CF1CC5A ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
00:11:56.0518 0x10e8  ws2ifsl - ok
00:11:56.0549 0x10e8  [ D4A0661AB0FE542460CA76BFB4FAA2D6, 149F0A0720C47BFFCA68165A46382E5CBB273F48483DBB598CEA320801664718 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
00:11:56.0596 0x10e8  wscsvc - ok
00:11:56.0596 0x10e8  WSearch - ok
00:11:56.0705 0x10e8  [ 05BEDBBEEAAC22F98FCA529FAC659582, E4D2FFF98034E2E7FE0478AB9C8D677CA932349A976DFC0C2B65DB15C71354B4 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
00:11:56.0846 0x10e8  wuauserv - ok
00:11:56.0877 0x10e8  [ 455609BF60DA3B57EEAB863DEFCCF14D, F55271C42B7AFD17D01275703719C1F52C21996DB82AC78A70A8A8B62370623B ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
00:11:56.0893 0x10e8  WudfPf - ok
00:11:56.0908 0x10e8  [ 5068DAA8F67A62E964C9C9F88B159EA9, 09FCB7A817280957D1AD365EF8B46F666C70957238BF9FBC87D51115E1B0FCB0 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
00:11:56.0940 0x10e8  WUDFRd - ok
00:11:56.0971 0x10e8  [ 9EFE23CA208BF4B613FF4A6028DFAB10, 483D8D8DA578BF3EA5617EAB42457543EC6F97C1977BDD8ABFDF854AE3AAFD35 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
00:11:57.0002 0x10e8  wudfsvc - ok
00:11:57.0018 0x10e8  [ 5068DAA8F67A62E964C9C9F88B159EA9, 09FCB7A817280957D1AD365EF8B46F666C70957238BF9FBC87D51115E1B0FCB0 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
00:11:57.0049 0x10e8  WUDFWpdFs - ok
00:11:57.0049 0x10e8  [ 5068DAA8F67A62E964C9C9F88B159EA9, 09FCB7A817280957D1AD365EF8B46F666C70957238BF9FBC87D51115E1B0FCB0 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
00:11:57.0080 0x10e8  WUDFWpdMtp - ok
00:11:57.0143 0x10e8  [ 3EEF7185E0974D9AB2D65CA3214132CF, 44DB1D11B6B1D180F59AB3FE4D7235F7F2FD709A853F6A64E8E379FFFD16CD3C ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
00:11:57.0252 0x10e8  WwanSvc - ok
00:11:57.0268 0x10e8  [ FC0147AB34C7CDB2D8A1B29C207F2CD1, 737D40A4BE35AD13C091D8E320FAD3FD7C0C7E41C8B50E48D3C2151712A55718 ] xbgm            C:\WINDOWS\System32\xbgmsvc.dll
00:11:57.0299 0x10e8  xbgm - ok
00:11:57.0346 0x10e8  [ 8C7C5945C3545CA767BE111D78C15314, 5A938679DA3EDA2D9CA7034908DFEFCC7DAADB10DFD0CF4ECE882FF536D1BFA2 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
00:11:57.0424 0x10e8  XblAuthManager - ok
00:11:57.0471 0x10e8  [ A8BD191F46CC58E45637CB3E262CF0F2, CA65524427ECDB5E1138A5F8E885566064E507BA60FC31E0D9D17B9556CC9ADC ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
00:11:57.0565 0x10e8  XblGameSave - ok
00:11:57.0596 0x10e8  [ B10655A4C2EFDC25483D670EF52A4854, 2D9DC81AE73FDFE7F4E395BEC8E806E6BAD8DE0470027EEEC256AC4A4B7C7AA4 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
00:11:57.0627 0x10e8  xboxgip - ok
00:11:57.0658 0x10e8  [ E099DED5C602AE4A7ECCF7CD4B1D2E33, 7FDAFFE13B87A8E6AA8721F8905FFF6EF04CAB93009F68EDA862B57EBB04514F ] XboxGipSvc      C:\WINDOWS\System32\XboxGipSvc.dll
00:11:57.0690 0x10e8  XboxGipSvc - ok
00:11:57.0752 0x10e8  [ EF83C2EF7F152DFDC6D9F1AEC6FBE66F, 21D4FCD12F9D40D066F05936131A4F7BAB301DD800C85921476EC182B9D27D0B ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
00:11:57.0815 0x10e8  XboxNetApiSvc - ok
00:11:57.0846 0x10e8  [ 2E50A379A8E4F6C5D85E87C26C08D329, ADA0C344FE58A3772FFF7417268160E488741C5B2F08CA12ED587AB7F75756F6 ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
00:11:57.0862 0x10e8  xinputhid - ok
00:11:57.0877 0x10e8  ================ Scan global ===============================
00:11:57.0908 0x10e8  [ EEA8447A2E39A39F66C74BA66C421F92, 7FFC5294E0D0438E7450ED36947AB04D0C84DF4E1C9F2D49340D3BA586FFFAB2 ] C:\WINDOWS\system32\basesrv.dll
00:11:57.0940 0x10e8  [ A5AE05D3674CBA5DD28C5580E238B059, 5298CF9CEB84FBDC7CAD9969CAFE7D9FFFCA625D50F8BDF877FCEAE8426375F7 ] C:\WINDOWS\system32\winsrv.dll
00:11:57.0971 0x10e8  [ 7DD72CBE412C9567661F4B1CE9631FC1, 8D914805CBDAF448C8C132C4C3FEB1D90804F4F485180F7364A75EC5655A4DDB ] C:\WINDOWS\system32\sxssrv.dll
00:11:58.0018 0x10e8  [ 800D00D1A7ADA9E341CACDF287347584, 70AD5A458203B35F227F3F6B4783D00424C96AA9E29DB3090CEC8C00E62CD8E5 ] C:\WINDOWS\system32\services.exe
00:11:58.0033 0x10e8  [ Global ] - ok
00:11:58.0033 0x10e8  ================ Scan MBR ==================================
00:11:58.0049 0x10e8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
00:11:58.0127 0x10e8  \Device\Harddisk0\DR0 - ok
00:11:58.0127 0x10e8  ================ Scan VBR ==================================
00:11:58.0143 0x10e8  [ 74D6E654708696AAD4A22211B140A5F4 ] \Device\Harddisk0\DR0\Partition1
00:11:58.0143 0x10e8  \Device\Harddisk0\DR0\Partition1 - ok
00:11:58.0174 0x10e8  [ 8BCEFC4E7EE22EE6ED80453CC529EA1C ] \Device\Harddisk0\DR0\Partition2
00:11:58.0190 0x10e8  \Device\Harddisk0\DR0\Partition2 - ok
00:11:58.0205 0x10e8  [ 1E0E2AC28E2028DABB663E9E8B534ED6 ] \Device\Harddisk0\DR0\Partition3
00:11:58.0205 0x10e8  \Device\Harddisk0\DR0\Partition3 - ok
00:11:58.0221 0x10e8  [ 30A46E25A59FBF99F7979817A371B9C7 ] \Device\Harddisk0\DR0\Partition4
00:11:58.0221 0x10e8  \Device\Harddisk0\DR0\Partition4 - ok
00:11:58.0252 0x10e8  [ 9F859AF79DDBFB31E3A135E58D4EDCD9 ] \Device\Harddisk0\DR0\Partition5
00:11:58.0252 0x10e8  \Device\Harddisk0\DR0\Partition5 - ok
00:11:58.0268 0x10e8  [ 7E2AEEBBF84C8C061CFD736F3136CEE3 ] \Device\Harddisk0\DR0\Partition6
00:11:58.0268 0x10e8  \Device\Harddisk0\DR0\Partition6 - ok
00:11:58.0299 0x10e8  [ DDCDA27007E247918808D02BE87280C5 ] \Device\Harddisk0\DR0\Partition7
00:11:58.0299 0x10e8  \Device\Harddisk0\DR0\Partition7 - ok
00:11:58.0299 0x10e8  ================ Scan generic autorun ======================
00:11:58.0346 0x10e8  SecurityHealth - ok
00:11:58.0346 0x10e8  ETDCtrl - ok
00:11:58.0858 0x10e8  [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
00:11:59.0499 0x10e8  RTHDVCPL - ok
00:11:59.0585 0x10e8  [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
00:11:59.0633 0x10e8  RtHDVBg - ok
00:11:59.0789 0x10e8  [ 666FEA598D1776C7F8EDD7746F0F7F59, 54E330BCDBAB646B555DACC15F9CFB0AD6A05BF4E273F73C5133259EEE976C21 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
00:11:59.0930 0x10e8  Malwarebytes TrayApp - ok
00:12:00.0146 0x10e8  [ 2362B857693DA580E04ECE28F7D67E7E, EABF4B6502A06B94D07E25D78D8CEF8862B7FE5D117F7F145268B95688A02E62 ] C:\Program Files (x86)\ASUS\APRP\APRP.EXE
00:12:00.0364 0x10e8  ASUSPRP - detected UnsignedFile.Multi.Generic ( 1 )
00:12:01.0630 0x10e8  Detect skipped due to KSN trusted
00:12:01.0630 0x10e8  ASUSPRP - ok
00:12:01.0802 0x10e8  [ B15880A58755DA0FADB15923013A7957, 4090342AF93538C5F3157605164CF5EC051B6D767B1B7FCCF3265F1D426E88AA ] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe
00:12:01.0958 0x10e8  ASUSWebStorage - ok
00:12:02.0005 0x10e8  [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
00:12:02.0021 0x10e8  RemoteControl10 - ok
00:12:02.0083 0x10e8  [ 2CFE20EA0DB2174B564E6A1E4D378213, E2919B1ABC7F5D2269E6DE9A9B32BD3CD8DA4689A19C1594A02E1F7B2A67EEEC ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
00:12:02.0114 0x10e8  Avira SystrayStartTrigger - ok
00:12:02.0208 0x10e8  [ 323B5D30CEA1179661F03E87B95B79D8, 1F3A11B908FF01D850DA71EF8FD4CD4D60C3EA76DDF308DA090C4EBF752599CE ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
00:12:02.0239 0x10e8  avgnt - ok
00:12:02.0286 0x10e8  [ A443A7C05ABF0FCD16E89593F63B633B, 3F579132A39AEC2513CD286AB9A43534DC05F9502FD1A369126236F69EF76282 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
00:12:02.0318 0x10e8  SunJavaUpdateSched - ok
00:12:03.0060 0x10e8  [ 450FDD861FD582026BDCE55FCB2162C4, 91166DBAEE6A0D97ABA5EED352D06078870A265E736ED491C666CB6A8559BEB2 ] C:\Windows\SysWOW64\OneDriveSetup.exe
00:12:03.0966 0x10e8  OneDriveSetup - ok
00:12:04.0716 0x10e8  [ 450FDD861FD582026BDCE55FCB2162C4, 91166DBAEE6A0D97ABA5EED352D06078870A265E736ED491C666CB6A8559BEB2 ] C:\Windows\SysWOW64\OneDriveSetup.exe
00:12:05.0623 0x10e8  OneDriveSetup - ok
00:12:05.0904 0x10e8  [ 1993AA1E592E75AA8E7C1B4DC3DF061A, A4D6003BA9DBB5E709C19B9ED4E93088D89E0157993DEE97EAC60732B2DC656E ] C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe
00:12:06.0092 0x10e8  Amazon Music - ok
00:12:06.0217 0x10e8  [ 102F5E1FBE80E7F988E9856BA8091907, 152359E0605A8B28B846A90FCB7A3358CD8E3D2575AF4A21FA1BFDA77902DEB7 ] C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
00:12:06.0279 0x10e8  Spotify Web Helper - ok
00:12:06.0326 0x10e8  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe
00:12:06.0357 0x10e8  Dropbox Update - ok
00:12:06.0467 0x10e8  [ C5D30E88C97825CF0652B60C42F103AD, D605DC9021021714BDA36EF48C335F85C77F85474A21B6E5258270E1703B8DC8 ] C:\Users\Derya\AppData\Local\Microsoft\OneDrive\OneDrive.exe
00:12:06.0529 0x10e8  OneDrive - ok
00:12:06.0790 0x10e8  [ 5930DEA18B7DF0CD7990FD6FDE57F366, EA3818A682874A23CE0FCDB9CD8D4194E0A5D5AED14F6077DE3CA9E5C0E409E4 ] C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe
00:12:07.0086 0x10e8  Spotify - ok
00:12:07.0102 0x10e8  Waiting for KSN requests completion. In queue: 262
00:12:08.0118 0x10e8  Waiting for KSN requests completion. In queue: 262
00:12:09.0175 0x10e8  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\WindowsSecurityCenter.exe ( 15.0.27.34 ), 0x41000 ( enabled : updated )
00:12:09.0284 0x10e8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.332 ), 0x60100 ( disabled : updated )
00:12:09.0284 0x10e8  AV detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2start.exe ( 11.0.0.5984 ), 0x40010 ( disabled : outofdate )
00:12:09.0284 0x10e8  FW detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2start.exe ( 11.0.0.5984 ), 0x40010 ( disabled )
00:12:09.0471 0x10e8  Win FW state via NFP2: enabled ( trusted )
00:12:23.0308 0x10e8  ============================================================
00:12:23.0308 0x10e8  Scan finished
00:12:23.0308 0x10e8  ============================================================
00:12:23.0323 0x0938  Detected object count: 0
00:12:23.0323 0x0938  Actual detected object count: 0
01:43:12.0931 0x2240  Deinitialize success

Hi nochmals. Heute mit frischem Kopf habe ich es mir überlegt, die Datei zu spalten und so zu posten. Hoffentlich ist es in Ordnung

LG

M-K-D-B · 06.07.2017, 21:26

Zitat:

Emsisoft Internet Security
Avira

Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Außerdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung.

Anschließend bitte nochmal einen FRST-Suchlauf ausführen und beide Logdateien posten.

derya84 · 06.07.2017, 22:03

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
durchgeführt von Derya (Administrator) auf DERYA (06-07-2017 22:57:16)
Gestartet von C:\Users\Derya\Desktop
Geladene Profile: Derya (Verfügbare Profile: Derya)
Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Amazon Services LLC) C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Amazon Music] => C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Spotify Web Helper] => C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-22] (Spotify Ltd)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Dropbox Update] => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Spotify] => C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-22] (Spotify Ltd)
Startup: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.173.68.21 10.173.68.20
Tcpip\..\Interfaces\{0abe793a-7510-44e9-9f47-33868b7518ab}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3212af34-2967-4860-8e30-371a4082a040}: [DhcpNameServer] 10.173.68.21 10.173.68.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001 -> {CA4998A0-6168-4151-B867-E3DBABBABAF3} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: oseq4a8i.default
FF ProfilePath: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default [2017-07-06]
FF NewTab: Mozilla\Firefox\Profiles\oseq4a8i.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> proxy_over_tls", false
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\@hoxx-vpn.xpi [2017-06-07]
FF Extension: (Avira Browser Safety) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\abs@avira.com.xpi [2017-06-07]
FF Extension: (Dictionary (EN/DE)) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\dictlookup@arnhold.com.xpi [2016-05-13]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\firefox@zenmate.com.xpi [2017-06-01]
FF Extension: (Dictionary Extension) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2016-05-10]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-07-03]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\safesearchplus2@avira.com.xpi [2017-06-09]
FF Extension: (SearchExtensionLight) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{0ea582a1-4188-45af-938d-661cece01940}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: (DivX Plugin Plus) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{24a3289f-c0e0-4937-a759-5d109127afc1}.xpi [2015-12-21] [ist nicht signiert]
FF Extension: (uBlock) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-18]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\google-avast.xml [2015-11-03]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\longman-english-dictionary.xml [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default [2017-07-06]
CHR Extension: (Google Präsentationen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (uBlock Origin) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-06-22]
CHR Extension: (Google-Suche) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Productivity Owl) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoagmdboiealblmpaahjlhajggndaahi [2016-07-05]
CHR Extension: (Google Tabellen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Avira Browserschutz) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Instant Translate: universeller Übersetzer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-07-06]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jheadbpkjimjomnnfpeokkffdfjocekd [2016-02-14]
CHR Extension: (Google Scholar-Schaltfläche) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2016-05-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Self Control) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncaaipdfhdijmfdfmeoagmogddhkfdec [2017-05-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaioomolanclklopkbfkhbmjeddbgdbj [2016-02-14]
CHR Extension: (PDF Viewer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2016-11-02]
CHR Extension: (Citavi Picker) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2017-03-05]
CHR Extension: (Google Mail) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-07-14] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-24] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-07-06] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-06 00:09 - 2017-07-06 01:43 - 00279784 _____ C:\TDSSKiller.3.1.0.15_06.07.2017_00.09.55_log.txt
2017-07-06 00:03 - 2017-07-06 00:04 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Derya\Desktop\tdsskiller.exe
2017-07-05 23:55 - 2017-07-05 23:58 - 00043931 _____ C:\Users\Derya\Desktop\Addition.txt
2017-07-05 23:52 - 2017-07-06 22:59 - 00024391 _____ C:\Users\Derya\Desktop\FRST.txt
2017-07-05 23:52 - 2017-07-06 22:57 - 00000000 ____D C:\FRST
2017-07-05 23:47 - 2017-07-05 23:48 - 02436608 _____ (Farbar) C:\Users\Derya\Desktop\FRST64.exe
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-27 22:24 - 2017-06-27 22:24 - 00001211 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-14 21:28 - 2017-06-14 21:26 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-06-14 18:03 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 18:03 - 2017-06-03 12:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 18:03 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 12:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 18:03 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 18:03 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 18:03 - 2017-06-03 11:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 18:03 - 2017-06-03 11:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 18:03 - 2017-06-03 11:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 11:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 11:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 18:03 - 2017-06-03 11:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 18:03 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 18:03 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 18:03 - 2017-06-03 11:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 18:03 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 18:03 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 18:03 - 2017-06-03 11:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 18:03 - 2017-06-03 11:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 18:03 - 2017-06-03 10:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 18:03 - 2017-06-03 10:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 10:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 18:03 - 2017-06-03 10:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 18:02 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 18:02 - 2017-06-03 12:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 18:02 - 2017-06-03 12:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 18:02 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 18:02 - 2017-06-03 12:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 18:02 - 2017-06-03 12:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 18:02 - 2017-06-03 12:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 18:02 - 2017-06-03 11:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 18:02 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 18:02 - 2017-06-03 11:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 18:02 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 18:02 - 2017-06-03 11:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 18:02 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 18:02 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 18:02 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 18:02 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 18:02 - 2017-06-03 10:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-12 14:21 - 2017-06-12 14:21 - 02895643 _____ C:\Users\Derya\Downloads\Sensitive_byStudex_Collection_EN.pdf
2017-06-11 14:18 - 2017-06-11 14:18 - 10096308 _____ C:\Users\Derya\Downloads\9783423143356.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-06 22:57 - 2017-04-14 09:58 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-07-06 22:55 - 2015-11-03 19:44 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-06 22:55 - 2015-09-01 14:04 - 00000000 __SHD C:\Users\Derya\IntelGraphicsProfiles
2017-07-06 22:53 - 2017-06-04 13:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-06 22:53 - 2017-06-04 13:36 - 00000000 ____D C:\Users\Derya
2017-07-06 22:53 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-06 22:53 - 2015-11-16 14:14 - 00000000 ____D C:\Program Files\Emsisoft Internet Security
2017-07-06 21:32 - 2016-11-29 01:23 - 00000000 ____D C:\Users\Derya\AppData\LocalLow\Mozilla
2017-07-06 21:11 - 2017-06-04 13:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-06 20:37 - 2017-06-04 13:58 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9E6F6878-ACFE-4895-8063-AA9240D6E13D}
2017-07-06 19:48 - 2015-11-05 20:45 - 00000074 _____ C:\Users\Derya\AppData\Roaming\sp_data.sys
2017-07-06 15:16 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-06 15:16 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-05 23:58 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-05 17:42 - 2015-09-01 20:56 - 00000000 ____D C:\Users\Derya\Documents\Neuer Ordner
2017-07-04 03:30 - 2015-06-08 12:38 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Spotify
2017-07-04 02:17 - 2015-06-08 12:39 - 00000000 ____D C:\Users\Derya\AppData\Local\Spotify
2017-07-03 00:20 - 2014-12-18 00:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 17:00 - 2016-11-29 01:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-27 22:35 - 2014-11-18 21:50 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Dropbox
2017-06-27 22:24 - 2015-12-18 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-27 22:24 - 2015-10-30 14:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-26 19:40 - 2015-11-07 00:17 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 19:40 - 2015-11-07 00:17 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-22 00:00 - 2017-06-04 14:21 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 00:00 - 2015-09-01 14:11 - 00002426 _____ C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 00:00 - 2014-10-29 12:33 - 00000000 __RDO C:\Users\Derya\OneDrive
2017-06-19 16:19 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 11:52 - 2014-10-13 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 11:47 - 2017-06-04 13:56 - 01851652 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 11:47 - 2017-03-20 06:35 - 00802486 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-15 11:47 - 2017-03-20 06:35 - 00162784 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-15 11:40 - 2017-06-04 13:32 - 00305296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 21:26 - 2016-10-06 19:26 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-06-14 21:26 - 2015-12-18 10:57 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-06-14 21:26 - 2015-12-18 10:57 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-06-14 18:21 - 2014-10-19 21:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 18:14 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 18:14 - 2014-10-19 21:22 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 18:08 - 2014-10-24 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 21:47 - 2015-06-16 21:49 - 00000000 ____D C:\Users\Derya\AppData\Local\Dropbox
2017-06-13 18:32 - 2017-06-04 13:58 - 00004428 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-12 11:59 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-05 20:45 - 2017-07-06 19:48 - 0000074 _____ () C:\Users\Derya\AppData\Roaming\sp_data.sys
2016-07-21 13:19 - 2016-07-21 13:19 - 0013310 _____ () C:\Users\Derya\AppData\Local\recently-used.xbel
2017-06-04 13:35 - 2017-06-04 13:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-09 22:09 - 2016-11-11 18:52 - 0066192 _____ () C:\ProgramData\dudenbib.wav
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-07-02 17:08

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-07-2017
durchgeführt von Derya (06-07-2017 23:00:13)
Gestartet von C:\Users\Derya\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-04 12:12:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2045481624-1955495486-2742246077-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2045481624-1955495486-2742246077-503 - Limited - Disabled)
Derya (S-1-5-21-2045481624-1955495486-2742246077-1001 - Administrator - Enabled) => C:\Users\Derya
Gast (S-1-5-21-2045481624-1955495486-2742246077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2045481624-1955495486-2742246077-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
Anki (HKLM-x32\...\Anki) (Version:  - )
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{271D5399-34AF-4611-BCD9-B09185B2BBE0}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Azteca (HKLM-x32\...\WTA-874d1d57-0527-4e80-adaa-bce83e1a070b) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-cf23f5a3-be59-42a3-91d4-7147cb84c427) (Version: 2.2.0.97 - WildTangent) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
Cut the Rope (HKLM-x32\...\WTA-f9eaaca9-82be-44ea-8a23-da50b5803b42) (Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM-x32\...\{BA49C568-7380-494F-9D15-EC2CE7F142C4}) (Version: 6.0.1 - Langenscheidt)
LDOCE5 Viewer 2013.03.24 (HKLM-x32\...\{69AF89EB-727E-4F9E-ADCA-87102CBAC142}_is1) (Version: 2013.03.24 - hakidame.net)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LibreOffice 5.2.6.2 (HKLM-x32\...\{443795BA-BBA0-46CF-A07F-DB5B461785F7}) (Version: 5.2.6.2 - The Document Foundation)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Longman Dictionary of Contemporary English 5th Edition (HKLM-x32\...\NSIS_ldoce5) (Version:  - )
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.8 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version:  - )
Paragon Software PONS 7 (HKLM-x32\...\Paragon Software PONS 7) (Version:  - )
Peggle (HKLM-x32\...\WTA-4ac01422-47f4-450d-be29-dd2c93505f68) (Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-0eda17f7-fdf1-44cd-87c0-caf591ca3a2e) (Version: 2.2.0.98 - WildTangent) Hidden
PROMT Personal 9.0 EGGE (HKLM-x32\...\{E0FF8A03-2606-46CC-964E-4583BBA10DB9}) (Version: 9.0.00020 - PROMT Ltd.)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version:  - IDM)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Tales of Lagoona (HKLM-x32\...\WTA-d927468d-46de-4206-b527-35d00680ffb7) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vokabeltrainer-Update 6.0.141 (HKLM-x32\...\{C90B2DAE-C958-4DC8-9B26-CFEA485A3E1B}) (Version: 6.0.141 - Langenscheidt)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.5 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
Write or Die 2.1.7 (HKLM-x32\...\{EC5AF270-5A63-4230-A90D-921235AE711F}_is1) (Version:  - Write or Die LLC)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers01: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-06-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers03: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers04: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers06: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers06: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-06-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {060E1437-945D-4FE4-83EA-FB49460F512D} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {253A9F58-5A67-4B0E-85B8-13A8C526CFFF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {29950DB4-7643-447B-8979-9D5246966111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4488AEBB-EE58-483E-AA1E-F33C536DA402} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {4AAFCB02-F4D4-4FEA-BD50-9CA191C483DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {4C478B3A-0E5A-4100-8CB8-F826DF62F049} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {53B75930-DE86-4DD6-8766-D079A2BFEF37} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {5DDB61B9-7E88-40AA-BD92-8591D97C5AA0} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {5FFD3882-F615-49DD-A497-CA3F6FAC3EDF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64D8FD42-BEE8-41FA-A988-D14259726C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {69FAFFDD-52F7-4F1F-BC99-2BF53056D08A} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {70BA45BF-2CC3-4ECD-AED8-9268E7D7C99F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {753704DA-8CCD-4CEF-8867-424E9FCDBB49} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {789344E1-0DA7-431B-A6D5-7D2D0F240E33} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {7E1F25DB-2E60-415D-8960-4735756F85AC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8727F5F9-E35C-4A6F-97D0-C821FF03038E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8D82E38A-A7D3-481E-AB01-7A342A1D067D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8DB462E1-E7F8-482C-BC9F-468AAA86565D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8DD622C6-2C0C-4CD8-9C3E-62D1917BC8B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9250C7D3-39A8-4A07-BE57-C1C313159C82} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {9B1740F5-C217-4705-BD67-724DDF755186} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B13A1E02-4508-4B78-958B-BF96BF8FF898} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {CD116C33-CF19-48C7-8B24-F93219DAC374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {DB912004-E006-4CE3-8DD2-BFB5075C5910} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {DF5965BD-A1CF-435F-B9E1-107CF5952516} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {E5BB5305-6E29-4177-AF79-9D8E36016A13} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {EDE6626D-7B4F-46E3-B2B5-D41DBF4D84FB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {F269495B-D870-4AED-881A-039B5EC1614E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2045481624-1955495486-2742246077-1001Core1d249eaab9ca3df.job => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2016-12-21 05:29 - 2017-04-19 00:21 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-08-29 17:01 - 2013-08-29 17:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2017-03-18 22:59 - 2017-03-20 06:36 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-14 18:03 - 2017-06-03 12:03 - 04124568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-03-18 22:59 - 2017-03-20 06:36 - 02487712 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-06-08 11:08 - 2017-06-08 11:08 - 02567680 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-06-08 11:08 - 2017-06-08 11:08 - 00132608 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 00054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2013-10-08 21:41 - 2013-10-08 21:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 19:23 - 2013-09-09 19:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-11-06 03:23 - 2017-06-22 16:42 - 00189040 _____ () C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWinRT.dll
2014-06-10 03:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2015-11-08 14:04 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Derya\Pictures\wolf.jpg
DNS Servers: 10.173.68.21 - 10.173.68.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{257D6F79-E949-45F1-ACE7-0D5ACA0214F4}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{141964D7-98B6-49D7-AB96-0F1B3F31C138}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{AE6A6C6A-4322-4DCD-BC14-E28A9ED39374}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF816965-7A7B-4C28-85C0-A55B0DCEAD82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{E798088E-3ACB-44CD-837E-BD928DB342E8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{4D409AEF-94F7-47E3-AB08-9687526DE941}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{57C7C09A-7346-4AC7-9027-A3DAB343FE0B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{836BF7B0-5DDF-4D27-B68B-D66B5D413867}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7BD86B0E-D061-44E1-8F1C-1074DD5701F7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{508FE17C-E133-40FE-8639-5974B8448C4E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FA6213C5-9C4C-4DED-9260-23B94CE919B8}] => (Allow) C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A497A879-5BF2-4C91-9F36-4D69DC8F2881}] => (Allow) C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{46F933D7-0BD6-4060-8997-A487F30AC4B4}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2F0FE9AA-4DFD-4D99-AF3B-2AE5A632447C}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3E0D46C8-C693-4C22-884F-D00D8E0E835C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F7B505C5-5023-4A53-A32F-E17150DF0619}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{FD90B076-5698-4B9E-A399-35D4FB4FFC57}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{76B0E31B-3A34-41EF-B6FC-0C26E0FDE697}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AE9E2725-B0FE-44AD-9DD0-05E71C0BB461}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{25E6452C-8EE3-4A35-9105-570D7F6DD3AC}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B08D7D50-5CCE-48E9-AA5F-6F64EA9EEF94}C:\program files (x86)\write or die 2\writeordie2.exe] => (Allow) C:\program files (x86)\write or die 2\writeordie2.exe
FirewallRules: [UDP Query User{6F1840A7-8444-443C-BDF8-3A6B7EEC6168}C:\program files (x86)\write or die 2\writeordie2.exe] => (Allow) C:\program files (x86)\write or die 2\writeordie2.exe
FirewallRules: [{7E12D159-18AE-4782-B928-A19555B32474}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

21-06-2017 14:25:12 Geplanter Prüfpunkt
30-06-2017 16:08:28 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/06/2017 10:57:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 10:55:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 10:52:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 10:22:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 09:52:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 09:22:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 08:52:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 08:22:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 07:52:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/06/2017 07:46:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (07/06/2017 10:57:25 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/06/2017 10:57:11 PM) (Source: DCOM) (EventID: 10010) (User: DERYA)
Description: Der Server "Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/06/2017 10:54:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FontCache3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (07/06/2017 10:54:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FontCache3.0.0.0 erreicht.

Error: (07/06/2017 10:53:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (07/06/2017 07:49:01 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/06/2017 06:02:16 PM) (Source: DCOM) (EventID: 10010) (User: DERYA)
Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/06/2017 02:05:18 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/05/2017 03:37:43 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/05/2017 05:01:54 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 54%
Installierter physikalischer RAM: 3981.68 MB
Verfügbarer physikalischer RAM: 1816.16 MB
Summe virtueller Speicher: 5965.68 MB
Verfügbarer virtueller Speicher: 3555.42 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:371.76 GB) (Free:276.59 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: () (Fixed) (Total:537.8 GB) (Free:536.83 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0FE4DC0A)

Partition: GPT.

==================== Ende von Addition.txt ============================

Hi. Danke für deine Antwort. Emsisoft habe ich deinstalliert, weil es kostenpflichtig ist. Ich hab es hier während einer Untersuchung runtergeladen. Dann hab ich es total vergessen. Hoffe, freies Avira bietet genug Schutz. Wenn du etwas anderes empfiehlst, könnte ich auch es installieren. Viele Grüße

M-K-D-B · 07.07.2017, 06:06

Servus,

ich würde ja Avira deinstallieren und einfach den Windows Defender (der standardmäßig bei Windows 10 drauf ist) verwenden (mache ich auch).

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Image File Execution Options Schlüssel
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Firewall
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware 3

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist.
Setze einen Haken vor Shortcut.txt und drücke auf Untersuchen.
FRST erstellt nun drei Logdateien (FRST.txt, Addition.txt und Shortcut.txt).
Poste mir alle drei Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die drei neuen Logdateien von FRST.

derya84 · 07.07.2017, 16:25

Code:

ATTFilter

# AdwCleaner v6.047 - Bericht erstellt am 07/07/2017 um 16:35:41
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-07-06.2 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Derya - DERYA
# Gestartet von : C:\Users\Derya\Desktop\adwcleaner_6.047.exe
# Modus: LÃ¶schen
# UnterstÃ¼tzung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelÃ¶scht: C:\Users\Derya\AppData\Local\YSearchUtil
[-] Ordner gelÃ¶scht: C:\Program Files (x86)\Yahoo!\yset


***** [ Dateien ] *****

[-] Datei gelÃ¶scht: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi
[-] Datei gelÃ¶scht: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\extensions\safesearchplus2@avira.com.xpi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ VerknÃ¼pfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] SchlÃ¼ssel gelÃ¶scht: HKLM\SOFTWARE\Classes\AnimatedGif.AniGif
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKLM\SOFTWARE\Classes\AnimatedGif.AniGif
[-] SchlÃ¼ssel gelÃ¶scht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\deals-way.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shopper.deals-way.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\deals-way.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shopper.deals-way.com
[-] SchlÃ¼ssel gelÃ¶scht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\deals-way.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shopper.deals-way.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\deals-way.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shopper.deals-way.com
[#] SchlÃ¼ssel mit Neustart gelÃ¶scht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[-] SchlÃ¼ssel gelÃ¶scht: HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] SchlÃ¼ssel gelÃ¶scht: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Browser ] *****

[-] [C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default] [extension] GelÃ¶scht: ipmkfpcnmccejididiaagpgchgjfajgp


*************************

:: "Tracing" SchlÃ¼ssel gelÃ¶scht
:: Winsock Einstellungen zurÃ¼ckgesetzt
:: "Image File Execution Options" SchlÃ¼ssel gelÃ¶scht
:: "Prefetch" Dateien gelÃ¶scht
:: Proxy Einstellungen zurÃ¼ckgesetzt
:: Firewall Einstellungen zurÃ¼ckgesetzt
:: Internet Explorer Richtlinien gelÃ¶scht
:: Chrome Richtlinien gelÃ¶scht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6566 Bytes] - [07/07/2017 16:35:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [6587 Bytes] - [07/07/2017 16:33:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6712 Bytes] ##########

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 07.07.17
Scan-Zeit: 16:59
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.160
Version des Aktualisierungspakets: 1.0.2311
Lizenz: Abgelaufen

-Systemdaten-
Betriebssystem: Windows 10 (Build 15063.413)
CPU: x64
Dateisystem: NTFS
Benutzer: DERYA\Derya

-Scan-Ãœbersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 408095
Erkannte Bedrohungen: 0
(keine bÃ¶sartigen Elemente erkannt)
In die QuarantÃ¤ne verschobene Bedrohungen: 0
(keine bÃ¶sartigen Elemente erkannt)
Abgelaufene Zeit: 10 Min., 1 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bÃ¶sartigen Elemente erkannt)

Modul: 0
(keine bÃ¶sartigen Elemente erkannt)

RegistrierungsschlÃ¼ssel: 0
(keine bÃ¶sartigen Elemente erkannt)

Registrierungswert: 0
(keine bÃ¶sartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bÃ¶sartigen Elemente erkannt)

Daten-Stream: 0
(keine bÃ¶sartigen Elemente erkannt)

Ordner: 0
(keine bÃ¶sartigen Elemente erkannt)

Datei: 0
(keine bÃ¶sartigen Elemente erkannt)

Physischer Sektor: 0
(keine bÃ¶sartigen Elemente erkannt)


(end)

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
durchgeführt von Derya (Administrator) auf DERYA (07-07-2017 17:13:44)
Gestartet von C:\Users\Derya\Desktop
Geladene Profile: Derya (Verfügbare Profile: Derya)
Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Amazon Services LLC) C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Amazon Music] => C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Dropbox Update] => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Spotify] => C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-07] (Spotify Ltd)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Spotify Web Helper] => C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-07] (Spotify Ltd)
Startup: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.173.68.21 10.173.68.20
Tcpip\..\Interfaces\{0abe793a-7510-44e9-9f47-33868b7518ab}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3212af34-2967-4860-8e30-371a4082a040}: [DhcpNameServer] 10.173.68.21 10.173.68.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001 -> {CA4998A0-6168-4151-B867-E3DBABBABAF3} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: oseq4a8i.default
FF ProfilePath: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default [2017-07-07]
FF NewTab: Mozilla\Firefox\Profiles\oseq4a8i.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> proxy_over_tls", false
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\@hoxx-vpn.xpi [2017-06-07]
FF Extension: (Avira Browser Safety) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\abs@avira.com.xpi [2017-06-07]
FF Extension: (Dictionary (EN/DE)) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\dictlookup@arnhold.com.xpi [2016-05-13]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\firefox@zenmate.com.xpi [2017-06-01]
FF Extension: (Dictionary Extension) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2016-05-10]
FF Extension: (SearchExtensionLight) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{0ea582a1-4188-45af-938d-661cece01940}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: (DivX Plugin Plus) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{24a3289f-c0e0-4937-a759-5d109127afc1}.xpi [2015-12-21] [ist nicht signiert]
FF Extension: (uBlock) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-18]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\google-avast.xml [2015-11-03]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\longman-english-dictionary.xml [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default [2017-07-07]
CHR Extension: (Google Präsentationen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (uBlock Origin) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-06-22]
CHR Extension: (Google-Suche) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Productivity Owl) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoagmdboiealblmpaahjlhajggndaahi [2016-07-05]
CHR Extension: (Google Tabellen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Avira Browserschutz) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Instant Translate: universeller Übersetzer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-07-06]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jheadbpkjimjomnnfpeokkffdfjocekd [2016-02-14]
CHR Extension: (Google Scholar-Schaltfläche) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2016-05-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Self Control) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncaaipdfhdijmfdfmeoagmogddhkfdec [2017-05-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaioomolanclklopkbfkhbmjeddbgdbj [2016-02-14]
CHR Extension: (PDF Viewer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2016-11-02]
CHR Extension: (Citavi Picker) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2017-03-05]
CHR Extension: (Google Mail) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-07-14] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-07] (Malwarebytes)
R1 MpKsl7971f597; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1428F803-3E5E-41B1-BC53-21E3955FD525}\MpKsl7971f597.sys [44928 2017-07-07] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-07 17:12 - 2017-07-07 17:12 - 00001397 _____ C:\Users\Derya\Desktop\mbam.txt
2017-07-07 16:42 - 2017-07-07 16:52 - 65033984 _____ (Malwarebytes ) C:\Users\Derya\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-07 16:34 - 2017-07-07 16:34 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\57F62D67.sys
2017-07-07 16:28 - 2017-07-07 16:35 - 00000000 ____D C:\AdwCleaner
2017-07-07 16:27 - 2017-07-07 16:27 - 04110280 _____ C:\Users\Derya\Desktop\adwcleaner_6.047.exe
2017-07-06 00:09 - 2017-07-06 01:43 - 00279784 _____ C:\TDSSKiller.3.1.0.15_06.07.2017_00.09.55_log.txt
2017-07-06 00:03 - 2017-07-06 00:04 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Derya\Desktop\tdsskiller.exe
2017-07-05 23:55 - 2017-07-06 23:02 - 00040044 _____ C:\Users\Derya\Desktop\Addition.txt
2017-07-05 23:52 - 2017-07-07 17:14 - 00023484 _____ C:\Users\Derya\Desktop\FRST.txt
2017-07-05 23:52 - 2017-07-07 17:13 - 00000000 ____D C:\FRST
2017-07-05 23:47 - 2017-07-05 23:48 - 02436608 _____ (Farbar) C:\Users\Derya\Desktop\FRST64.exe
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 18:03 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 18:03 - 2017-06-03 12:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 18:03 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 12:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 18:03 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 18:03 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 18:03 - 2017-06-03 11:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 18:03 - 2017-06-03 11:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 18:03 - 2017-06-03 11:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 11:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 11:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 18:03 - 2017-06-03 11:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 18:03 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 18:03 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 18:03 - 2017-06-03 11:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 18:03 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 18:03 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 18:03 - 2017-06-03 11:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 18:03 - 2017-06-03 11:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 18:03 - 2017-06-03 10:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 18:03 - 2017-06-03 10:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 10:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 18:03 - 2017-06-03 10:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 18:02 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 18:02 - 2017-06-03 12:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 18:02 - 2017-06-03 12:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 18:02 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 18:02 - 2017-06-03 12:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 18:02 - 2017-06-03 12:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 18:02 - 2017-06-03 12:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 18:02 - 2017-06-03 11:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 18:02 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 18:02 - 2017-06-03 11:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 18:02 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 18:02 - 2017-06-03 11:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 18:02 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 18:02 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 18:02 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 18:02 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 18:02 - 2017-06-03 10:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-12 14:21 - 2017-06-12 14:21 - 02895643 _____ C:\Users\Derya\Downloads\Sensitive_byStudex_Collection_EN.pdf
2017-06-11 14:18 - 2017-06-11 14:18 - 10096308 _____ C:\Users\Derya\Downloads\9783423143356.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-07 16:57 - 2016-12-21 05:29 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-07 16:57 - 2016-12-21 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-07 16:57 - 2015-11-03 19:44 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-07 16:46 - 2017-06-04 13:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-07 16:43 - 2015-06-08 12:38 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Spotify
2017-07-07 16:41 - 2015-11-05 20:45 - 00000074 _____ C:\Users\Derya\AppData\Roaming\sp_data.sys
2017-07-07 16:39 - 2017-04-14 09:58 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-07-07 16:37 - 2015-09-01 14:04 - 00000000 __SHD C:\Users\Derya\IntelGraphicsProfiles
2017-07-07 16:36 - 2017-06-04 13:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-07 16:36 - 2017-06-04 13:36 - 00000000 ____D C:\Users\Derya
2017-07-07 16:36 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-07 16:34 - 2016-07-20 22:58 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-07-07 16:30 - 2015-02-14 21:35 - 00000000 ____D C:\Users\Derya\AppData\Roaming\vlc
2017-07-07 16:22 - 2016-11-29 01:23 - 00000000 ____D C:\Users\Derya\AppData\LocalLow\Mozilla
2017-07-07 16:18 - 2015-06-08 12:39 - 00000000 ____D C:\Users\Derya\AppData\Local\Spotify
2017-07-07 15:33 - 2015-12-18 10:50 - 00000000 ____D C:\ProgramData\Avira
2017-07-07 15:33 - 2015-10-30 14:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-07 13:37 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 13:35 - 2017-06-04 13:58 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9E6F6878-ACFE-4895-8063-AA9240D6E13D}
2017-07-06 22:53 - 2015-11-16 14:14 - 00000000 ____D C:\Program Files\Emsisoft Internet Security
2017-07-06 15:16 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-05 23:58 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-05 17:42 - 2015-09-01 20:56 - 00000000 ____D C:\Users\Derya\Documents\Neuer Ordner
2017-07-03 00:20 - 2014-12-18 00:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 17:00 - 2016-11-29 01:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-27 22:35 - 2014-11-18 21:50 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Dropbox
2017-06-27 12:06 - 2016-12-21 05:29 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-26 19:40 - 2015-11-07 00:17 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 19:40 - 2015-11-07 00:17 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-22 00:00 - 2017-06-04 14:21 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 00:00 - 2015-09-01 14:11 - 00002426 _____ C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 00:00 - 2014-10-29 12:33 - 00000000 __RDO C:\Users\Derya\OneDrive
2017-06-19 16:19 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 11:52 - 2014-10-13 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 11:47 - 2017-06-04 13:56 - 01851652 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 11:47 - 2017-03-20 06:35 - 00802486 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-15 11:47 - 2017-03-20 06:35 - 00162784 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-15 11:40 - 2017-06-04 13:32 - 00305296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 18:21 - 2014-10-19 21:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 18:14 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 18:14 - 2014-10-19 21:22 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 18:08 - 2014-10-24 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 21:47 - 2015-06-16 21:49 - 00000000 ____D C:\Users\Derya\AppData\Local\Dropbox
2017-06-13 18:32 - 2017-06-04 13:58 - 00004428 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-12 11:59 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-05 20:45 - 2017-07-07 16:41 - 0000074 _____ () C:\Users\Derya\AppData\Roaming\sp_data.sys
2016-07-21 13:19 - 2016-07-21 13:19 - 0013310 _____ () C:\Users\Derya\AppData\Local\recently-used.xbel
2017-06-04 13:35 - 2017-06-04 13:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-09 22:09 - 2016-11-11 18:52 - 0066192 _____ () C:\ProgramData\dudenbib.wav
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-07-02 17:08

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-07-2017
durchgeführt von Derya (07-07-2017 17:15:42)
Gestartet von C:\Users\Derya\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-04 12:12:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2045481624-1955495486-2742246077-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2045481624-1955495486-2742246077-503 - Limited - Disabled)
Derya (S-1-5-21-2045481624-1955495486-2742246077-1001 - Administrator - Enabled) => C:\Users\Derya
Gast (S-1-5-21-2045481624-1955495486-2742246077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2045481624-1955495486-2742246077-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Azteca (HKLM-x32\...\WTA-874d1d57-0527-4e80-adaa-bce83e1a070b) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-cf23f5a3-be59-42a3-91d4-7147cb84c427) (Version: 2.2.0.97 - WildTangent) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
Cut the Rope (HKLM-x32\...\WTA-f9eaaca9-82be-44ea-8a23-da50b5803b42) (Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM-x32\...\{BA49C568-7380-494F-9D15-EC2CE7F142C4}) (Version: 6.0.1 - Langenscheidt)
LDOCE5 Viewer 2013.03.24 (HKLM-x32\...\{69AF89EB-727E-4F9E-ADCA-87102CBAC142}_is1) (Version: 2013.03.24 - hakidame.net)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LibreOffice 5.2.6.2 (HKLM-x32\...\{443795BA-BBA0-46CF-A07F-DB5B461785F7}) (Version: 5.2.6.2 - The Document Foundation)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Longman Dictionary of Contemporary English 5th Edition (HKLM-x32\...\NSIS_ldoce5) (Version:  - )
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.8 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version:  - )
Paragon Software PONS 7 (HKLM-x32\...\Paragon Software PONS 7) (Version:  - )
Peggle (HKLM-x32\...\WTA-4ac01422-47f4-450d-be29-dd2c93505f68) (Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-0eda17f7-fdf1-44cd-87c0-caf591ca3a2e) (Version: 2.2.0.98 - WildTangent) Hidden
PROMT Personal 9.0 EGGE (HKLM-x32\...\{E0FF8A03-2606-46CC-964E-4583BBA10DB9}) (Version: 9.0.00020 - PROMT Ltd.)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version:  - IDM)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
Tales of Lagoona (HKLM-x32\...\WTA-d927468d-46de-4206-b527-35d00680ffb7) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vokabeltrainer-Update 6.0.141 (HKLM-x32\...\{C90B2DAE-C958-4DC8-9B26-CFEA485A3E1B}) (Version: 6.0.141 - Langenscheidt)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.5 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
Write or Die 2.1.7 (HKLM-x32\...\{EC5AF270-5A63-4230-A90D-921235AE711F}_is1) (Version:  - Write or Die LLC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers03: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers04: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers1_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {060E1437-945D-4FE4-83EA-FB49460F512D} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {253A9F58-5A67-4B0E-85B8-13A8C526CFFF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {29950DB4-7643-447B-8979-9D5246966111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4488AEBB-EE58-483E-AA1E-F33C536DA402} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {4AAFCB02-F4D4-4FEA-BD50-9CA191C483DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {4C478B3A-0E5A-4100-8CB8-F826DF62F049} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {53B75930-DE86-4DD6-8766-D079A2BFEF37} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {5DDB61B9-7E88-40AA-BD92-8591D97C5AA0} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {5FFD3882-F615-49DD-A497-CA3F6FAC3EDF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64D8FD42-BEE8-41FA-A988-D14259726C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {69FAFFDD-52F7-4F1F-BC99-2BF53056D08A} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {70BA45BF-2CC3-4ECD-AED8-9268E7D7C99F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {753704DA-8CCD-4CEF-8867-424E9FCDBB49} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {789344E1-0DA7-431B-A6D5-7D2D0F240E33} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {7E1F25DB-2E60-415D-8960-4735756F85AC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8727F5F9-E35C-4A6F-97D0-C821FF03038E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8D82E38A-A7D3-481E-AB01-7A342A1D067D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8DB462E1-E7F8-482C-BC9F-468AAA86565D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8DD622C6-2C0C-4CD8-9C3E-62D1917BC8B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9250C7D3-39A8-4A07-BE57-C1C313159C82} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {9B1740F5-C217-4705-BD67-724DDF755186} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B13A1E02-4508-4B78-958B-BF96BF8FF898} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {CD116C33-CF19-48C7-8B24-F93219DAC374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {DB912004-E006-4CE3-8DD2-BFB5075C5910} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {DF5965BD-A1CF-435F-B9E1-107CF5952516} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {E5BB5305-6E29-4177-AF79-9D8E36016A13} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {EDE6626D-7B4F-46E3-B2B5-D41DBF4D84FB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {F269495B-D870-4AED-881A-039B5EC1614E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2045481624-1955495486-2742246077-1001Core1d249eaab9ca3df.job => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-08-29 17:01 - 2013-08-29 17:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:36 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-04 14:50 - 2017-06-04 14:50 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-04-22 19:27 - 2017-04-22 19:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-04-22 19:27 - 2017-04-22 19:27 - 15069696 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2017-03-29 12:33 - 2017-03-29 12:34 - 04123032 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-03 21:23 - 2016-03-03 21:24 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-23 11:31 - 2017-06-23 11:32 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-23 11:31 - 2017-06-23 11:32 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-06-17 10:51 - 2017-06-17 10:53 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-17 10:51 - 2017-06-17 10:53 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-04 14:50 - 2017-06-04 14:50 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 12:49 - 2016-06-03 12:51 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 17:24 - 2017-05-09 17:27 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-03 21:23 - 2016-03-03 21:24 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2013-10-08 21:41 - 2013-10-08 21:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 19:23 - 2013-09-09 19:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-06-08 12:39 - 2017-07-07 16:18 - 67117168 _____ () C:\Users\Derya\AppData\Roaming\Spotify\libcef.dll
2015-06-08 12:39 - 2017-07-07 16:18 - 02253424 _____ () C:\Users\Derya\AppData\Roaming\Spotify\libglesv2.dll
2015-06-08 12:39 - 2017-07-07 16:18 - 00086640 _____ () C:\Users\Derya\AppData\Roaming\Spotify\libegl.dll
2014-06-10 03:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2015-11-08 14:04 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Derya\Pictures\wolf.jpg
DNS Servers: 10.173.68.21 - 10.173.68.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{6D3594E5-570E-4F22-B6FF-AB2038090F5A}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{6861AED5-78B6-4E87-A061-CB6778DCCA47}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{4C23C597-64B3-4D36-9310-B1CBF1AD707B}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{183F16BF-C1E6-4EEB-AE12-943249400F94}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{CB4FDB00-E56C-4E9E-92E1-01EFE3CC16B0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{22CAED53-795E-4B0E-A54B-FA9157F223DD}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================

21-06-2017 14:25:12 Geplanter Prüfpunkt
30-06-2017 16:08:28 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/07/2017 05:06:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/07/2017 04:39:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/07/2017 03:52:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/07/2017 03:25:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/07/2017 02:52:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/07/2017 02:34:09 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{95CABCC9-BC57-4C12-B8DF-BA193232AA01}" wurde abgelehnt.

Error: (07/07/2017 02:34:06 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{95CABCC9-BC57-4C12-B8DF-BA193232AA01}" wurde abgelehnt.

Error: (07/07/2017 02:33:59 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{41FD88F7-F295-4D39-91AC-A85F3149A05B}" wurde abgelehnt.

Error: (07/07/2017 02:25:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/07/2017 02:23:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (07/07/2017 04:40:02 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 04:39:25 PM) (Source: DCOM) (EventID: 10010) (User: DERYA)
Description: Der Server "Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 04:36:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (07/07/2017 04:34:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (07/07/2017 04:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/07/2017 04:34:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/07/2017 04:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/07/2017 04:34:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/07/2017 04:34:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/07/2017 04:34:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Distributed Transaction Coordinator" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 3981.68 MB
Verfügbarer physikalischer RAM: 1689.96 MB
Summe virtueller Speicher: 5965.68 MB
Verfügbarer virtueller Speicher: 3116.39 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:371.76 GB) (Free:277.43 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: () (Fixed) (Total:537.8 GB) (Free:536.83 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0FE4DC0A)

Partition: GPT.

==================== Ende von Addition.txt ============================

derya84 · 07.07.2017, 16:31

Code:

ATTFilter

Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 05-07-2017
durchgeführt von Derya (07-07-2017 17:18:05)
Gestartet von C:\Users\Derya\Desktop
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Derya\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Derya\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Derya\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Derya\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Derya\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Derya ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk -> C:\Program Files\Waves\MaxxAudio\MaxxAudioControl64.exe (Waves Audio Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk -> C:\Windows\Installer\{95140000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Write or Die 2\Write or Die 2.lnk -> C:\Program Files (x86)\Write or Die 2\WriteorDie2.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PROMT\PROMT Personal 9.0.lnk -> C:\Windows\Installer\{E0FF8A03-2606-46CC-964E-4583BBA10DB9}\Icon_MainApp.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Software\PONS 7\Uninstall PONS.lnk -> C:\Program Files (x86)\Paragon Software\PONS 7\uninstall_PONS.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Software\PONS 7\Uninstall Wörterbuch.lnk -> C:\Program Files (x86)\Paragon Software\PONS 7\uninstall_PONS.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxford\Oxford Advanced Learner's Dictionary - 8th Edition\Oxford Advanced Learner's Dictionary - 8th Edition.lnk -> C:\Program Files (x86)\Oxford\OALD8\oald8.exe (mozilla.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxford\Oxford Advanced Learner's Dictionary - 8th Edition\Uninstall.lnk -> C:\Program Files (x86)\Oxford\OALD8\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec\Voice Reader\Handbuch.lnk -> C:\Program Files (x86)\linguatec\VoiceReader\Manual\VoiceReader_de.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec\Voice Reader\Integration Manager.lnk -> C:\Program Files (x86)\linguatec\VoiceReader\VrIntegrationManager.exe (TODO: <Firmenname>)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec\Voice Reader\Manual.lnk -> C:\Program Files (x86)\linguatec\VoiceReader\Manual\VoiceReader_en.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec\Voice Reader\Voice Reader Direct.lnk -> C:\Program Files (x86)\linguatec\VoiceReader\VRDirect.exe (Linguatec GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec\Voice Reader\Voice Reader.lnk -> C:\Program Files (x86)\linguatec\VoiceReader\VoiceReader.exe (Linguatec GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Base.lnk -> C:\Program Files (x86)\LibreOffice 5\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Calc.lnk -> C:\Program Files (x86)\LibreOffice 5\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Draw.lnk -> C:\Program Files (x86)\LibreOffice 5\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Impress.lnk -> C:\Program Files (x86)\LibreOffice 5\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Math.lnk -> C:\Program Files (x86)\LibreOffice 5\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Writer.lnk -> C:\Program Files (x86)\LibreOffice 5\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice.lnk -> C:\Program Files (x86)\LibreOffice 5\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LDOCE5 Viewer\LDOCE5 Viewer.lnk -> C:\Program Files (x86)\LDOCE5 Viewer\ldoce5viewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LDOCE5 Viewer\Uninstall LDOCE5 Viewer.lnk -> C:\Program Files (x86)\LDOCE5 Viewer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Langenscheidt Vokabeltrainer 6.0\Vokabeltrainer 6.0 Englisch.lnk -> C:\Windows\Installer\{BA49C568-7380-494F-9D15-EC2CE7F142C4}\_7C1F5D9D1F3ED4008F913B.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Langenscheidt Vokabeltrainer 6.0\Vokabeltrainer 6.0-Hilfe.lnk -> C:\Windows\Installer\{BA49C568-7380-494F-9D15-EC2CE7F142C4}\_D3AC840F63372BB98F6400.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden\Duden-Bibliothek\Duden-Bibliothek - Liesmich.lnk -> C:\Program Files (x86)\Duden\Duden-Bibliothek\LIESMICH.TXT ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden\Duden-Bibliothek\Duden-Bibliothek.lnk -> C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5\Citavi 5.lnk -> C:\Program Files (x86)\Citavi 5\bin\Citavi.exe (Swiss Academic Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD\ASUSDVD.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Install.lnk -> C:\eSupport\eDriver\AsInsWiz.exe (ASUSTek Computer INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Live Update.Lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS On-Screen Display.lnk -> C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Power4Gear Hybrid.lnk -> C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_07E2DD01D544B80FF38709.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\USB Charger Plus.lnk -> C:\Windows\Installer\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}\_E8FD568838FE0C8B34DA59.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WebStorage Sync Agent\WebStorage Sync Agent.lnk -> C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\MyBitCast\MyBitcast.lnk -> C:\Program Files (x86)\ASUS\MyBitCast\MyBitCast.exe (Asus)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\MyBitCast\Uninstall.lnk -> C:\Program Files (x86)\ASUS\MyBitCast\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\Agatha Christie's Mysteries Bundle.lnk -> C:\ProgramData\ASUSVibe\Agatha Christie's Mysteries Bundle.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\ASUS  Vibe Fun Center.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\Dream Day Wedding Bundle.lnk -> C:\ProgramData\ASUSVibe\Dream Day Wedding Bundle.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\Jewel Quest Mysteries Bundle.lnk -> C:\ProgramData\ASUSVibe\Jewel Quest Mysteries Bundle.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\Jewel Quest.lnk -> C:\ProgramData\ASUSVibe\Jewel Quest.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Splendid Utility\Splendid Utility.Lnk -> C:\Program Files (x86)\ASUS\Splendid\ACVT.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Adobe Digital Editions 3.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Home Page.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 3.0\Uninstall.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\uninstall.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\Links\Desktop.lnk -> C:\Users\Derya\Desktop ()
Shortcut: C:\Users\Derya\Links\Downloads.lnk -> C:\Users\Derya\Downloads ()
Shortcut: C:\Users\Derya\Links\Dropbox.lnk -> C:\Users\Derya\Dropbox ()
Shortcut: C:\Users\Derya\Links\OneDrive.lnk -> C:\Users\Derya\OneDrive ()
Shortcut: C:\Users\Derya\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Derya\Documents\Audible\Downloads.lnk -> C:\Users\Public\Documents\Audible\Downloads (Keine Datei)
Shortcut: C:\Users\Derya\Desktop\Amazon Music.lnk -> C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music.exe (Amazon Services LLC)
Shortcut: C:\Users\Derya\Desktop\Spotify.lnk -> C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Derya\Desktop\Willkommen zur ASUS Produktregistrierung.lnk -> C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anki.lnk -> C:\Program Files (x86)\Anki\anki.exe (Keine Datei)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Derya\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Amazon Music.lnk -> C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music.exe (Amazon Services LLC)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\Derya\AppData\Local\Amazon Music\Uninstall.exe (Amazon)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Derya\Dropbox ()
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 3.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Write or Die 2.lnk -> C:\Program Files (x86)\Write or Die 2\WriteorDie2.exe ()
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Install.lnk -> C:\eSupport\eDriver\AsInsWiz.exe (ASUSTek Computer INC.)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Duden-Bibliothek.lnk -> C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\linguatec Voice Reader.lnk -> C:\Program Files (x86)\linguatec\VoiceReader\VoiceReader.exe (Linguatec GmbH)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Longman Dictionary of Contemporary English 5th Edition.lnk -> C:\Program Files (x86)\Longman\LDOCE5\ldoce5.exe (mozilla.org)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oxford Advanced Learner's Dictionary - 8th Edition.lnk -> C:\Program Files (x86)\Oxford\OALD8\oald8.exe (mozilla.org)
Shortcut: C:\Users\Derya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PROMT Personal 9.0.lnk -> C:\Windows\Installer\{E0FF8A03-2606-46CC-964E-4583BBA10DB9}\Icon_MainApp.exe (Macrovision Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\WildTangentGames.-GamesApp-_qt5r5pa5dyg8m\WTGames.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\Pinball.App.lnk -> [LFhQ1SPSOYMGm5Microsoft Studios1SPSU(Ly9K-i+Microsoft.Studios.PinballFx2_8wekyb3d8bbwe7Microsoft.Studios.PinballFx2_8wekyb3d8bbwe!Pinball.AppE1SPS0%G`)Pinball FX21SPSMԆi<D*Te*data_win8\assets\package\logo_150x150.pngm.data_win8\assets\package\small_logo_30x30.pnge*data_win8\assets\package\wide_310x150.png)Pinball FX2!]
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.FreshPaint_8wekyb3d8bbwe\Microsoft.FreshPaint.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\MAGIX.MusicMakerJam_a2t3txkz9j1jw\MAGIX.MusicMakerJam.App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\B9ECED6F.ASUSWelcome_qmba6cd70vzyy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Microsoft\Windows\Application Shortcuts\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\com.amazon.kindle.lnk -> Tile and icon assets
Shortcut: C:\Users\Derya\AppData\Local\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\Derya\AppData\Local\Amazon Music\Uninstall.exe (Amazon)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\AudioWizard.lnk -> C:\Program Files\Waves\MaxxAudio\MaxxAudioControl64.exe (Waves Audio Ltd.)
Shortcut: C:\Users\Public\Desktop\Citavi 5.lnk -> C:\Program Files (x86)\Citavi 5\bin\Citavi.exe (Swiss Academic Software)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\LDOCE5 Viewer.lnk -> C:\Program Files (x86)\LDOCE5 Viewer\ldoce5viewer.exe ()
Shortcut: C:\Users\Public\Desktop\LibreOffice 5.2.lnk -> C:\Program Files (x86)\LibreOffice 5\program\soffice.exe (The Document Foundation)
Shortcut: C:\Users\Public\Desktop\linguatec Voice Reader.lnk -> C:\Program Files (x86)\linguatec\VoiceReader\VoiceReader.exe (Linguatec GmbH)
Shortcut: C:\Users\Public\Desktop\Longman Dictionary of Contemporary English 5th Edition.lnk -> C:\Program Files (x86)\Longman\LDOCE5\ldoce5.exe (mozilla.org)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Oxford Advanced Learner's Dictionary - 8th Edition.lnk -> C:\Program Files (x86)\Oxford\OALD8\oald8.exe (mozilla.org)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\Vokabeltrainer 6.0 Englisch.lnk -> C:\Windows\Installer\{BA49C568-7380-494F-9D15-EC2CE7F142C4}\_1D9D218D8E037D696A1DC4.exe ()
Shortcut: C:\Users\Public\Desktop\Write or Die 2.lnk -> C:\Program Files (x86)\Write or Die 2\WriteorDie2.exe ()


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp asus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f405496e-4cd5-4891-a8bc-3e58bd47b25c}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\WildGames\Penguins!\Penguins-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d1bb8655-6ca7-4088-b80a-a1f6484b9d01}\PlayTasks\0\Azteca.lnk -> C:\Program Files (x86)\WildGames\Azteca\Azteca-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ca9f0082-7f3d-4f78-b4e6-592c73461b8c}\PlayTasks\0\Tales of Lagoona.lnk -> C:\Program Files (x86)\WildGames\Tales of Lagoona\Tales of Lagoona-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b87f2bde-5d44-4e86-bd37-a71616b35ea6}\PlayTasks\0\Bejeweled 3.lnk -> C:\Program Files (x86)\WildGames\Bejeweled 3\bejeweled3-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{49edfae8-e0cc-45fb-96e6-d60571dd122d}\PlayTasks\0\Peggle.lnk -> C:\Program Files (x86)\WildGames\Peggle\Peggle-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3a9dfc3f-0345-4048-8cbf-ac7a444a0ae6}\PlayTasks\0\Cut the Rope.lnk -> C:\Program Files (x86)\WildGames\Cut the Rope\CutTheRopeApp-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Derya\Desktop\Dropbox.lnk -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Derya\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Write or Die 2\Write or Die 2 on the Web.url -> URL: hxxp://writeordie.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.url -> URL: hxxp://java.com/help
InternetURL: C:\Users\Derya\OneDrive\Dokumente\Notizbuch von Derya.url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=803d3eeff7b6165e&resid=803D3EEFF7B6165E!194&type=3
InternetURL: C:\Users\Derya\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Derya\Favorites\Booking.com.url -> URL: hxxp://www.booking.com/index.html?aid=379334
InternetURL: C:\Users\Derya\Favorites\Packard Bell\eBay.url -> URL: hxxp://rover.ebay.com/rover/1/707-67567-18099-0/4
InternetURL: C:\Users\Derya\Favorites\Packard Bell\Packard Bell.url -> URL: hxxp://www.packardbell.com/
InternetURL: C:\Users\Derya\Favorites\ASUS E-Service\ASUS Homepage.url -> URL: hxxp://www.asus.com/
InternetURL: C:\Users\Derya\Favorites\ASUS E-Service\ASUS Member.url -> URL: hxxp://member.asus.com/
InternetURL: C:\Users\Derya\Favorites\ASUS E-Service\ASUS Software Download.url -> URL: hxxp://support.asus.com/download
InternetURL: C:\Users\Derya\Favorites\ASUS E-Service\ASUS Technical Support.url -> URL: hxxp://support.asus.com/
InternetURL: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> 

==================== Ende vom Shortcut.txt =============================

Hallo

Ich hab nach deiner Empfehlung auch Avira deinstalliert. Ich hab gedacht, Windows defender würde nicht reichen, um das Computer komplett zu schützen. Man müsse zusätzliches Antivir installieren. Ich hab einmal ein Virus namens Bundespolizei Virus mir rangezogen, Das war ein absoluter Horror. Dann hat mir jemand hier geholfen, das System zu reinigen. Aber als ein absoluter Laie konnte ich diesen Alptraum nicht vergessen

Aber wenn du sagst, dass Windowsdefender reicht, dann glaube ich es dir. Das System ist, soweit ich merke, nach der Deinstallitation von Antiviren schon bisschen schneller geworden

M-K-D-B · 07.07.2017, 19:32

Servus,

wir entfernen noch ein bisschen was und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1

Kopiere den Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
CloseProcesses:
FF Extension: (Avira Browser Safety) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\abs@avira.com.xpi [2017-06-07]
CHR Extension: (Avira Browserschutz) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
Task: {253A9F58-5A67-4B0E-85B8-13A8C526CFFF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {4C478B3A-0E5A-4100-8CB8-F826DF62F049} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {5FFD3882-F615-49DD-A497-CA3F6FAC3EDF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64D8FD42-BEE8-41FA-A988-D14259726C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {753704DA-8CCD-4CEF-8867-424E9FCDBB49} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7E1F25DB-2E60-415D-8960-4735756F85AC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8727F5F9-E35C-4A6F-97D0-C821FF03038E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8DB462E1-E7F8-482C-BC9F-468AAA86565D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {9B1740F5-C217-4705-BD67-724DDF755186} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DB912004-E006-4CE3-8DD2-BFB5075C5910} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {F269495B-D870-4AED-881A-039B5EC1614E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
C:\Program Files\Emsisoft Internet Security
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
End::

Starte nun FRST und klicke den Entfernen Button.
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von HitmanPro,
die Logdatei von ESET,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

derya84 · 08.07.2017, 11:23

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-07-2017
durchgefÃ¼hrt von Derya (08-07-2017 01:11:52) Run:1
Gestartet von C:\Users\Derya\Desktop
Geladene Profile: Derya (VerfÃ¼gbare Profile: Derya)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

CloseProcesses:
FF Extension: (Avira Browser Safety) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\abs@avira.com.xpi [2017-06-07]
CHR Extension: (Avira Browserschutz) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
Task: {253A9F58-5A67-4B0E-85B8-13A8C526CFFF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {4C478B3A-0E5A-4100-8CB8-F826DF62F049} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {5FFD3882-F615-49DD-A497-CA3F6FAC3EDF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64D8FD42-BEE8-41FA-A988-D14259726C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {753704DA-8CCD-4CEF-8867-424E9FCDBB49} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7E1F25DB-2E60-415D-8960-4735756F85AC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8727F5F9-E35C-4A6F-97D0-C821FF03038E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8DB462E1-E7F8-482C-BC9F-468AAA86565D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {9B1740F5-C217-4705-BD67-724DDF755186} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DB912004-E006-4CE3-8DD2-BFB5075C5910} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {F269495B-D870-4AED-881A-039B5EC1614E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
C:\Program Files\Emsisoft Internet Security
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\abs@avira.com.xpi => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{253A9F58-5A67-4B0E-85B8-13A8C526CFFF} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{253A9F58-5A67-4B0E-85B8-13A8C526CFFF} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C478B3A-0E5A-4100-8CB8-F826DF62F049} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C478B3A-0E5A-4100-8CB8-F826DF62F049} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FFD3882-F615-49DD-A497-CA3F6FAC3EDF} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FFD3882-F615-49DD-A497-CA3F6FAC3EDF} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64D8FD42-BEE8-41FA-A988-D14259726C24} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64D8FD42-BEE8-41FA-A988-D14259726C24} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{753704DA-8CCD-4CEF-8867-424E9FCDBB49} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{753704DA-8CCD-4CEF-8867-424E9FCDBB49} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E1F25DB-2E60-415D-8960-4735756F85AC} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E1F25DB-2E60-415D-8960-4735756F85AC} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8727F5F9-E35C-4A6F-97D0-C821FF03038E} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8727F5F9-E35C-4A6F-97D0-C821FF03038E} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DB462E1-E7F8-482C-BC9F-468AAA86565D} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DB462E1-E7F8-482C-BC9F-468AAA86565D} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B1740F5-C217-4705-BD67-724DDF755186} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B1740F5-C217-4705-BD67-724DDF755186} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB912004-E006-4CE3-8DD2-BFB5075C5910} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB912004-E006-4CE3-8DD2-BFB5075C5910} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F269495B-D870-4AED-881A-039B5EC1614E} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F269495B-D870-4AED-881A-039B5EC1614E} => SchlÃ¼ssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => SchlÃ¼ssel erfolgreich entfernt
C:\Program Files\Emsisoft Internet Security => erfolgreich verschoben

========= RemoveProxy: =========

HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => SchlÃ¼ssel erfolgreich entfernt
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflâ€sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurÂckgesetzt.
Sie mÂssen den Computer neu starten, um den Vorgang abzuschlieÃ¡en.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32770189 B
Java, Flash, Steam htmlcache => 728 B
Windows/system/drivers => 93011081 B
Edge => 1832640 B
Chrome => 830096956 B
Firefox => 281295903 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 25722 B
NetworkService => 146652 B
Derya => 179324278 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporÃ¤re Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 01:17:43 ====

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : DERYA
   Windows . . . . . . . : 10.0.0.15063.X64/4
   User name . . . . . . : DERYA\Derya
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-07-08 01:27:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 27s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 6

   Objects scanned . . . : 1.902.857
   Files scanned . . . . : 67.154
   Remnants scanned  . . : 531.772 files / 1.303.931 keys

Suspicious files ____________________________________________________________

   C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe
      Size . . . . . . . : 7.111.792 bytes
      Age  . . . . . . . : 0.4 days (2017-07-07 16:17:57)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 934E6F3E3111168C868353D2CE11F37A09CEA6FC19F92E8379AAE1E3842C4B11
      Product  . . . . . : Spotify
      Publisher  . . . . : Spotify Ltd
      Description  . . . : Spotify
      Version  . . . . . : 1.0.58.573
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Uses the Windows Registry to run each time the user logs on.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Windows\CurrentVersion\Run\Spotify
         HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify Web Helper
      References
         C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
         C:\Users\Derya\Desktop\Spotify.lnk
      Forensic Cluster
         -1.4s C:\Users\Derya\AppData\Roaming\Spotify\locales\ja.mo
         -1.4s C:\Users\Derya\AppData\Roaming\Spotify\locales\ms.pak
         -1.4s C:\Users\Derya\AppData\Roaming\Spotify\locales\mr.pak
         -1.4s C:\Users\Derya\AppData\Roaming\Spotify\locales\ko.pak
         -1.4s C:\Users\Derya\AppData\Roaming\Spotify\locales\kn.pak
         -1.3s C:\Users\Derya\AppData\Roaming\Spotify\locales\lv.pak
         -1.3s C:\Users\Derya\AppData\Roaming\Spotify\locales\ja.pak
         -1.3s C:\Users\Derya\AppData\Roaming\Spotify\locales\ml.pak
         -1.3s C:\Users\Derya\AppData\Roaming\Spotify\locales\lt.pak
         -1.3s C:\Users\Derya\AppData\Roaming\Spotify\locales\pl.mo
         -1.3s C:\Users\Derya\AppData\Roaming\Spotify\locales\tr.mo
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\te.pak
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\vi.pak
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\th.pak
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\uk.pak
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\ru.pak
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\zsm.mo
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\vi.mo
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\tr.pak
         -1.2s C:\Users\Derya\AppData\Roaming\Spotify\locales\th.mo
         -1.1s C:\Users\Derya\AppData\Roaming\Spotify\locales\ta.pak
         -1.1s C:\Users\Derya\AppData\Roaming\Spotify\locales\sw.pak
         -1.1s C:\Users\Derya\AppData\Roaming\Spotify\locales\pl.pak
         -1.1s C:\Users\Derya\AppData\Roaming\Spotify\locales\sr.pak
         -1.1s C:\Users\Derya\AppData\Roaming\Spotify\locales\nl.mo
         -1.1s C:\Users\Derya\AppData\Roaming\Spotify\locales\ro.pak
         -1.1s C:\Users\Derya\AppData\Roaming\Spotify\locales\sk.pak
         -1.0s C:\Users\Derya\AppData\Roaming\Spotify\locales\sv.pak
         -1.0s C:\Users\Derya\AppData\Roaming\Spotify\locales\nl.pak
         -1.0s C:\Users\Derya\AppData\Roaming\Spotify\locales\sv.mo
         -1.0s C:\Users\Derya\AppData\Roaming\Spotify\locales\nb.pak
         -1.0s C:\Users\Derya\AppData\Roaming\Spotify\locales\sl.pak
         -1.0s C:\Users\Derya\AppData\Roaming\Spotify\locales\zh-Hant.mo
         -1.0s C:\Users\Derya\AppData\Roaming\Spotify\locales\zh-CN.pak
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\es-419.pak
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\fr-CA.mo
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\pt-BR.pak
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\pt-PT.pak
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\pt-BR.mo
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\es-419.mo
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\zh-TW.pak
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\Apps\show.spa
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\am.pak
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\Apps\zlink.spa
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\Apps\zlogin.spa
         -0.9s C:\Users\Derya\AppData\Roaming\Spotify\locales\cs.pak
         -0.8s C:\Users\Derya\AppData\Roaming\Spotify\locales\et.pak
         -0.8s C:\Users\Derya\AppData\Roaming\Spotify\locales\es.mo
         -0.8s C:\Users\Derya\AppData\Roaming\Spotify\locales\arb.mo
         -0.8s C:\Users\Derya\AppData\Roaming\Spotify\locales\it.mo
         -0.8s C:\Users\Derya\AppData\Roaming\Spotify\locales\id.mo
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\hu.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\ar.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\gu.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\fr.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\hr.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\fi.mo
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\el.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\fi.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\fa.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\de.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\el.mo
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\fr.mo
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\he.pak
         -0.7s C:\Users\Derya\AppData\Roaming\Spotify\locales\bn.pak
         -0.6s C:\Users\Derya\AppData\Roaming\Spotify\locales\hi.pak
         -0.6s C:\Users\Derya\AppData\Roaming\Spotify\locales\it.pak
         -0.6s C:\Users\Derya\AppData\Roaming\Spotify\locales\id.pak
         -0.6s C:\Users\Derya\AppData\Roaming\Spotify\locales\cs.mo
         -0.6s C:\Users\Derya\AppData\Roaming\Spotify\locales\ca.pak
         -0.5s C:\Users\Derya\AppData\Roaming\Spotify\locales\hu.mo
         -0.5s C:\Users\Derya\AppData\Roaming\Spotify\locales\en.mo
         -0.5s C:\Users\Derya\AppData\Roaming\Spotify\locales\da.pak
         -0.5s C:\Users\Derya\AppData\Roaming\Spotify\locales\fil.pak
         -0.5s C:\Users\Derya\AppData\Roaming\Spotify\locales\es.pak
         -0.5s C:\Users\Derya\AppData\Roaming\Spotify\locales\bg.pak
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\locales\de.mo
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\Apps\full-screen-modal.spa
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\Apps\collection-songs.spa
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\Apps\recently-played.spa
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\Apps\playlist-folder.spa
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\Apps\playlist-desktop.spa
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\Apps\collection-artist.spa
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\Apps\collection-album.spa
         -0.4s C:\Users\Derya\AppData\Roaming\Spotify\locales\en-US.pak
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\locales\en-GB.pak
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\radio-hub.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\profile.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\licenses.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\zlink-queue.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\findfriends.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\daily-mix-hub.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\notifications.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\neo-search.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\glue-resources.spa
         -0.3s C:\Users\Derya\AppData\Roaming\Spotify\Apps\buddy-list.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\concert.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\concerts.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\suggest.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\station.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\collection.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\stations.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\settings.spa
         -0.2s C:\Users\Derya\AppData\Roaming\Spotify\Apps\lyrics.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\genre.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\hub.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\error.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\browse.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\chart.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\album.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\artist.spa
         -0.1s C:\Users\Derya\AppData\Roaming\Spotify\Apps\ad.spa
         -0.0s C:\Users\Derya\AppData\Roaming\Spotify\Apps\share.spa
         -0.0s C:\Users\Derya\AppData\Roaming\Spotify\Apps\about.spa
         -0.0s C:\Users\Derya\AppData\Roaming\Spotify\Apps\search.spa
          0.0s C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe
          4.5s C:\Users\Derya\AppData\Roaming\Spotify\SpotifyLauncher.exe
          4.6s C:\Users\Derya\AppData\Roaming\Spotify\SpotifyMigrator.exe
          4.7s C:\Users\Derya\AppData\Roaming\Spotify\SpotifyStartupTask.exe
          4.8s C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
          4.9s C:\Users\Derya\AppData\Roaming\Spotify\cef.pak
          4.9s C:\Users\Derya\AppData\Roaming\Spotify\cef_100_percent.pak
          4.9s C:\Users\Derya\AppData\Roaming\Spotify\cef_200_percent.pak
          4.9s C:\Users\Derya\AppData\Roaming\Spotify\cef_extensions.pak
          5.0s C:\Users\Derya\AppData\Roaming\Spotify\chrome_elf.dll
          5.1s C:\Users\Derya\AppData\Roaming\Spotify\crash_reporter.cfg
          5.1s C:\Users\Derya\AppData\Roaming\Spotify\d3dcompiler_43.dll
          5.2s C:\Users\Derya\AppData\Roaming\Spotify\d3dcompiler_47.dll
          5.5s C:\Users\Derya\AppData\Roaming\Spotify\devtools_resources.pak
          6.5s C:\Users\Derya\AppData\Roaming\Spotify\icudtl.dat
          6.5s C:\Users\Derya\AppData\Roaming\Spotify\libEGL.dll
          6.6s C:\Users\Derya\AppData\Roaming\Spotify\libGLESv2.dll
          6.8s C:\Users\Derya\AppData\Roaming\Spotify\libcef.dll
          9.5s C:\Users\Derya\AppData\Roaming\Spotify\natives_blob.bin
          9.5s C:\Users\Derya\AppData\Roaming\Spotify\snapshot_blob.bin
          9.6s C:\Users\Derya\AppData\Roaming\Spotify\widevinecdmadapter.dll

   C:\Users\Derya\Desktop\FRST64.exe
      Size . . . . . . . : 2.436.608 bytes
      Age  . . . . . . . : 2.1 days (2017-07-05 23:47:31)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6175D6E957B9F51EC07594CA2F0A4FFB5107AE5EAF0C9A67503DF983A424D4D8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7dbf5990e37da049ae889ee38a475667
# end=init
# utc_time=2017-07-07 11:41:23
# local_time=2017-07-08 01:41:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 33985
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7dbf5990e37da049ae889ee38a475667
# end=updated
# utc_time=2017-07-07 11:47:08
# local_time=2017-07-08 01:47:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7dbf5990e37da049ae889ee38a475667
# engine=33985
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-07-08 02:10:13
# local_time=2017-07-08 04:10:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9730 9612809 0 0
# scanned=230183
# found=0
# cleaned=0
# scan_time=8584

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
durchgeführt von Derya (Administrator) auf DERYA (08-07-2017 12:02:31)
Gestartet von C:\Users\Derya\Desktop
Geladene Profile: Derya (Verfügbare Profile: Derya)
Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Amazon Services LLC) C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Derya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Amazon Music] => C:\Users\Derya\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Dropbox Update] => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Run: [Spotify Web Helper] => C:\Users\Derya\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-07] (Spotify Ltd)
Startup: C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.173.68.21 10.173.68.20
Tcpip\..\Interfaces\{0abe793a-7510-44e9-9f47-33868b7518ab}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3212af34-2967-4860-8e30-371a4082a040}: [DhcpNameServer] 10.173.68.21 10.173.68.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001 -> {CA4998A0-6168-4151-B867-E3DBABBABAF3} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: oseq4a8i.default
FF ProfilePath: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default [2017-07-08]
FF NewTab: Mozilla\Firefox\Profiles\oseq4a8i.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\oseq4a8i.default -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\oseq4a8i.default -> hxxps://www.google.com/search/?trackid=sp-004752
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> proxy_over_tls", false
FF NetworkProxy: Mozilla\Firefox\Profiles\oseq4a8i.default -> type", 0
FF Extension: (Dictionary (EN/DE)) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\dictlookup@arnhold.com.xpi [2016-05-13]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\firefox@zenmate.com.xpi [2017-06-01]
FF Extension: (Dictionary Extension) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2016-05-10]
FF Extension: (SearchExtensionLight) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{0ea582a1-4188-45af-938d-661cece01940}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: (DivX Plugin Plus) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{24a3289f-c0e0-4937-a759-5d109127afc1}.xpi [2015-12-21] [ist nicht signiert]
FF Extension: (uBlock) - C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-18]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\google-avast.xml [2015-11-03]
FF SearchPlugin: C:\Users\Derya\AppData\Roaming\Mozilla\Firefox\Profiles\oseq4a8i.default\searchplugins\longman-english-dictionary.xml [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (Google Präsentationen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (uBlock Origin) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-06-22]
CHR Extension: (Google-Suche) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Productivity Owl) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoagmdboiealblmpaahjlhajggndaahi [2016-07-05]
CHR Extension: (Google Tabellen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Avira Browserschutz) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Instant Translate: universeller Übersetzer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-07-08]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jheadbpkjimjomnnfpeokkffdfjocekd [2016-02-14]
CHR Extension: (Google Scholar-Schaltfläche) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2016-05-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Self Control) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncaaipdfhdijmfdfmeoagmogddhkfdec [2017-05-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaioomolanclklopkbfkhbmjeddbgdbj [2016-02-14]
CHR Extension: (PDF Viewer) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2016-11-02]
CHR Extension: (Citavi Picker) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2017-03-05]
CHR Extension: (Google Mail) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-07-14] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-08] (Malwarebytes)
R1 MpKsl2eac59f4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E177D90-BD37-4CD9-B1EF-A41A90A9E7DA}\MpKsl2eac59f4.sys [44928 2017-07-08] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-08 01:41 - 2017-07-08 01:41 - 00000000 ____D C:\Program Files (x86)\ESET
2017-07-08 01:40 - 2017-07-08 01:40 - 02870984 _____ (ESET) C:\Users\Derya\Desktop\esetsmartinstaller_deu.exe
2017-07-08 01:26 - 2017-07-08 01:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-08 01:25 - 2017-07-08 01:25 - 11584088 _____ (SurfRight B.V.) C:\Users\Derya\Desktop\HitmanPro_x64.exe
2017-07-08 01:12 - 2017-07-08 01:12 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1A06398C.sys
2017-07-08 01:11 - 2017-07-08 01:17 - 00009151 _____ C:\Users\Derya\Desktop\Fixlog.txt
2017-07-07 17:18 - 2017-07-07 17:18 - 00055793 _____ C:\Users\Derya\Desktop\Shortcut.txt
2017-07-07 17:12 - 2017-07-07 17:12 - 00001397 _____ C:\Users\Derya\Desktop\mbam.txt
2017-07-07 16:42 - 2017-07-07 16:52 - 65033984 _____ (Malwarebytes ) C:\Users\Derya\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-07 16:34 - 2017-07-07 16:34 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\57F62D67.sys
2017-07-07 16:28 - 2017-07-07 16:35 - 00000000 ____D C:\AdwCleaner
2017-07-07 16:27 - 2017-07-07 16:27 - 04110280 _____ C:\Users\Derya\Desktop\adwcleaner_6.047.exe
2017-07-06 00:09 - 2017-07-06 01:43 - 00279784 _____ C:\TDSSKiller.3.1.0.15_06.07.2017_00.09.55_log.txt
2017-07-06 00:03 - 2017-07-06 00:04 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Derya\Desktop\tdsskiller.exe
2017-07-05 23:55 - 2017-07-07 17:18 - 00039124 _____ C:\Users\Derya\Desktop\Addition.txt
2017-07-05 23:52 - 2017-07-08 12:03 - 00022670 _____ C:\Users\Derya\Desktop\FRST.txt
2017-07-05 23:52 - 2017-07-08 12:02 - 00000000 ____D C:\FRST
2017-07-05 23:47 - 2017-07-05 23:48 - 02436608 _____ (Farbar) C:\Users\Derya\Desktop\FRST64.exe
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 18:03 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 18:03 - 2017-06-03 12:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 18:03 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 12:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 18:03 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 18:03 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 18:03 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 18:03 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 18:03 - 2017-06-03 11:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 18:03 - 2017-06-03 11:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 18:03 - 2017-06-03 11:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 18:03 - 2017-06-03 11:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 18:03 - 2017-06-03 11:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 18:03 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 18:03 - 2017-06-03 11:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 18:03 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 18:03 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 18:03 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 18:03 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 18:03 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 18:03 - 2017-06-03 11:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 18:03 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 18:03 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:03 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 18:03 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 18:03 - 2017-06-03 11:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 18:03 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 18:03 - 2017-06-03 11:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 18:03 - 2017-06-03 11:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 18:03 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 18:03 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 18:03 - 2017-06-03 10:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 18:03 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 18:03 - 2017-06-03 10:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 18:03 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 18:03 - 2017-06-03 10:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 18:03 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 18:03 - 2017-06-03 10:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 18:03 - 2017-06-03 10:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 18:03 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 18:02 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 18:02 - 2017-06-03 12:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 18:02 - 2017-06-03 12:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 18:02 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 18:02 - 2017-06-03 12:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 18:02 - 2017-06-03 12:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 18:02 - 2017-06-03 12:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 18:02 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 18:02 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 18:02 - 2017-06-03 11:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 18:02 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 18:02 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 18:02 - 2017-06-03 11:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 18:02 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 18:02 - 2017-06-03 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 18:02 - 2017-06-03 11:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 18:02 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 18:02 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 18:02 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 18:02 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 18:02 - 2017-06-03 10:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-12 14:21 - 2017-06-12 14:21 - 02895643 _____ C:\Users\Derya\Downloads\Sensitive_byStudex_Collection_EN.pdf
2017-06-11 14:18 - 2017-06-11 14:18 - 10096308 _____ C:\Users\Derya\Downloads\9783423143356.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-08 11:53 - 2017-06-04 13:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-08 11:02 - 2017-06-04 13:58 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9E6F6878-ACFE-4895-8063-AA9240D6E13D}
2017-07-08 01:27 - 2015-06-08 12:39 - 00000000 ____D C:\Users\Derya\AppData\Local\Spotify
2017-07-08 01:27 - 2015-06-08 12:38 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Spotify
2017-07-08 01:22 - 2017-04-14 09:58 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-07-08 01:22 - 2015-11-05 20:45 - 00000074 _____ C:\Users\Derya\AppData\Roaming\sp_data.sys
2017-07-08 01:19 - 2017-06-04 13:36 - 00000000 ____D C:\Users\Derya
2017-07-08 01:19 - 2015-09-01 14:04 - 00000000 __SHD C:\Users\Derya\IntelGraphicsProfiles
2017-07-08 01:18 - 2017-06-04 13:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-08 01:18 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-08 01:18 - 2015-11-03 19:44 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-08 01:16 - 2016-02-29 17:01 - 00000000 ____D C:\Users\Derya\AppData\LocalLow\Temp
2017-07-08 01:09 - 2016-11-29 01:23 - 00000000 ____D C:\Users\Derya\AppData\LocalLow\Mozilla
2017-07-07 21:06 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-07 21:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 16:57 - 2016-12-21 05:29 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-07 16:57 - 2016-12-21 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-07 16:34 - 2016-07-20 22:58 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-07-07 16:30 - 2015-02-14 21:35 - 00000000 ____D C:\Users\Derya\AppData\Roaming\vlc
2017-07-07 15:33 - 2015-12-18 10:50 - 00000000 ____D C:\ProgramData\Avira
2017-07-07 15:33 - 2015-10-30 14:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-05 23:58 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-05 17:42 - 2015-09-01 20:56 - 00000000 ____D C:\Users\Derya\Documents\Neuer Ordner
2017-07-03 00:20 - 2014-12-18 00:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 17:00 - 2016-11-29 01:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-27 22:35 - 2014-11-18 21:50 - 00000000 ____D C:\Users\Derya\AppData\Roaming\Dropbox
2017-06-27 12:06 - 2016-12-21 05:29 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-26 19:40 - 2015-11-07 00:17 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 19:40 - 2015-11-07 00:17 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-22 00:00 - 2017-06-04 14:21 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 00:00 - 2015-09-01 14:11 - 00002426 _____ C:\Users\Derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 00:00 - 2014-10-29 12:33 - 00000000 __RDO C:\Users\Derya\OneDrive
2017-06-19 16:19 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 13:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 11:52 - 2014-10-13 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 11:47 - 2017-06-04 13:56 - 01851652 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 11:47 - 2017-03-20 06:35 - 00802486 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-15 11:47 - 2017-03-20 06:35 - 00162784 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-15 11:40 - 2017-06-04 13:32 - 00305296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 11:39 - 2014-10-24 21:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 21:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 18:21 - 2014-10-19 21:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 18:14 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 18:14 - 2014-10-19 21:22 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 18:08 - 2014-10-24 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 21:47 - 2015-06-16 21:49 - 00000000 ____D C:\Users\Derya\AppData\Local\Dropbox
2017-06-13 18:32 - 2017-06-04 13:58 - 00004428 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-12 11:59 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-05 20:45 - 2017-07-08 01:22 - 0000074 _____ () C:\Users\Derya\AppData\Roaming\sp_data.sys
2016-07-21 13:19 - 2016-07-21 13:19 - 0013310 _____ () C:\Users\Derya\AppData\Local\recently-used.xbel
2017-06-04 13:35 - 2017-06-04 13:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-09 22:09 - 2016-11-11 18:52 - 0066192 _____ () C:\ProgramData\dudenbib.wav
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-07-02 17:08

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-07-2017
durchgeführt von Derya (08-07-2017 12:04:55)
Gestartet von C:\Users\Derya\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-04 12:12:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2045481624-1955495486-2742246077-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2045481624-1955495486-2742246077-503 - Limited - Disabled)
Derya (S-1-5-21-2045481624-1955495486-2742246077-1001 - Administrator - Enabled) => C:\Users\Derya
Gast (S-1-5-21-2045481624-1955495486-2742246077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2045481624-1955495486-2742246077-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Azteca (HKLM-x32\...\WTA-874d1d57-0527-4e80-adaa-bce83e1a070b) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-cf23f5a3-be59-42a3-91d4-7147cb84c427) (Version: 2.2.0.97 - WildTangent) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
Cut the Rope (HKLM-x32\...\WTA-f9eaaca9-82be-44ea-8a23-da50b5803b42) (Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM-x32\...\{BA49C568-7380-494F-9D15-EC2CE7F142C4}) (Version: 6.0.1 - Langenscheidt)
LDOCE5 Viewer 2013.03.24 (HKLM-x32\...\{69AF89EB-727E-4F9E-ADCA-87102CBAC142}_is1) (Version: 2013.03.24 - hakidame.net)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LibreOffice 5.2.6.2 (HKLM-x32\...\{443795BA-BBA0-46CF-A07F-DB5B461785F7}) (Version: 5.2.6.2 - The Document Foundation)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Longman Dictionary of Contemporary English 5th Edition (HKLM-x32\...\NSIS_ldoce5) (Version:  - )
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.8 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version:  - )
Paragon Software PONS 7 (HKLM-x32\...\Paragon Software PONS 7) (Version:  - )
Peggle (HKLM-x32\...\WTA-4ac01422-47f4-450d-be29-dd2c93505f68) (Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-0eda17f7-fdf1-44cd-87c0-caf591ca3a2e) (Version: 2.2.0.98 - WildTangent) Hidden
PROMT Personal 9.0 EGGE (HKLM-x32\...\{E0FF8A03-2606-46CC-964E-4583BBA10DB9}) (Version: 9.0.00020 - PROMT Ltd.)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version:  - IDM)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
Tales of Lagoona (HKLM-x32\...\WTA-d927468d-46de-4206-b527-35d00680ffb7) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vokabeltrainer-Update 6.0.141 (HKLM-x32\...\{C90B2DAE-C958-4DC8-9B26-CFEA485A3E1B}) (Version: 6.0.141 - Langenscheidt)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.5 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
Write or Die 2.1.7 (HKLM-x32\...\{EC5AF270-5A63-4230-A90D-921235AE711F}_is1) (Version:  - Write or Die LLC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2045481624-1955495486-2742246077-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers03: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers04: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Keine Datei
ContextMenuHandlers1_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2045481624-1955495486-2742246077-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Derya\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {060E1437-945D-4FE4-83EA-FB49460F512D} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {29950DB4-7643-447B-8979-9D5246966111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4488AEBB-EE58-483E-AA1E-F33C536DA402} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {4AAFCB02-F4D4-4FEA-BD50-9CA191C483DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {53B75930-DE86-4DD6-8766-D079A2BFEF37} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {5DDB61B9-7E88-40AA-BD92-8591D97C5AA0} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {69FAFFDD-52F7-4F1F-BC99-2BF53056D08A} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {70BA45BF-2CC3-4ECD-AED8-9268E7D7C99F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {789344E1-0DA7-431B-A6D5-7D2D0F240E33} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {8D82E38A-A7D3-481E-AB01-7A342A1D067D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8DD622C6-2C0C-4CD8-9C3E-62D1917BC8B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9250C7D3-39A8-4A07-BE57-C1C313159C82} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {B13A1E02-4508-4B78-958B-BF96BF8FF898} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {CD116C33-CF19-48C7-8B24-F93219DAC374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {DF5965BD-A1CF-435F-B9E1-107CF5952516} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {E5BB5305-6E29-4177-AF79-9D8E36016A13} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {EDE6626D-7B4F-46E3-B2B5-D41DBF4D84FB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2045481624-1955495486-2742246077-1001Core1d249eaab9ca3df.job => C:\Users\Derya\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-08-29 17:01 - 2013-08-29 17:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2017-03-18 22:59 - 2017-03-20 06:36 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 19:40 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-04 14:50 - 2017-06-04 14:50 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 11:52 - 2017-06-22 11:52 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-04-22 19:27 - 2017-04-22 19:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-04-22 19:27 - 2017-04-22 19:27 - 15069696 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2017-03-29 12:33 - 2017-03-29 12:34 - 04123032 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-03 21:23 - 2016-03-03 21:24 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-23 11:31 - 2017-06-23 11:32 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-06-23 11:31 - 2017-06-23 11:32 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-17 10:51 - 2017-06-17 10:53 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-17 10:51 - 2017-06-17 10:53 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-04 14:50 - 2017-06-04 14:50 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 12:49 - 2016-06-03 12:51 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-06 12:51 - 2017-06-06 12:54 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 17:24 - 2017-05-09 17:27 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-03 21:23 - 2016-03-03 21:24 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2013-09-09 19:23 - 2013-09-09 19:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 21:41 - 2013-10-08 21:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-10 03:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2015-11-08 14:04 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Derya\Pictures\wolf.jpg
DNS Servers: 10.173.68.21 - 10.173.68.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2045481624-1955495486-2742246077-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{6D3594E5-570E-4F22-B6FF-AB2038090F5A}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{6861AED5-78B6-4E87-A061-CB6778DCCA47}C:\users\derya\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\derya\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{4C23C597-64B3-4D36-9310-B1CBF1AD707B}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{183F16BF-C1E6-4EEB-AE12-943249400F94}C:\users\derya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\derya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{CB4FDB00-E56C-4E9E-92E1-01EFE3CC16B0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{22CAED53-795E-4B0E-A54B-FA9157F223DD}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================

21-06-2017 14:25:12 Geplanter Prüfpunkt
30-06-2017 16:08:28 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/08/2017 11:58:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/08/2017 11:55:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/08/2017 11:55:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/08/2017 11:54:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/08/2017 11:23:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/08/2017 10:55:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/08/2017 10:27:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/08/2017 09:59:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/08/2017 09:24:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/08/2017 09:03:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DERYA)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (07/08/2017 01:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/08/2017 01:46:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Derya\AppData\Local\Temp\ehdrv.sys

Error: (07/08/2017 01:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/08/2017 01:46:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Derya\AppData\Local\Temp\ehdrv.sys

Error: (07/08/2017 01:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/08/2017 01:46:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Derya\AppData\Local\Temp\ehdrv.sys

Error: (07/08/2017 01:43:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/08/2017 01:43:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Derya\AppData\Local\Temp\ehdrv.sys

Error: (07/08/2017 01:43:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/08/2017 01:43:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Derya\AppData\Local\Temp\ehdrv.sys


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 55%
Installierter physikalischer RAM: 3981.68 MB
Verfügbarer physikalischer RAM: 1769.08 MB
Summe virtueller Speicher: 5965.68 MB
Verfügbarer virtueller Speicher: 3392.95 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:371.76 GB) (Free:278.8 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: () (Fixed) (Total:537.8 GB) (Free:536.83 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0FE4DC0A)

Partition: GPT.

==================== Ende von Addition.txt ============================

wow. Ich glaube das Problem ist gelöst worden. Das Internet ist auf jeden Fall schneller geworden. Nach mehrmalen Versuchen beim Surfen hab ich nicht aufs Neuladen geklickt. Die Webseiten öffnen sich

Vielen Dank! Ich hab noch eine andre Frage. Ich benutze Mozilla eher für anonymes Surfen. Da habe ich ein Vpn add-on runtergeladen. Es heißt ZenMeta. Ich hatte auch was anderes, das hat aber richtig funktioniert und dann hab ich es gelöscht. Ich weiß nicht, ob dieses Zenmeta ding echt funktioniert. Denn es lädt immer noch die Webseiten irgendwie aus Deutschland, obwohl ich zb. als country USA angebe. In Deutschland brauche ich nicht so viel vpn schutz eigentlich. Aber das brauche ich eher fürs mein Heimatland, wo Internet stark zensiert ist. Man kann da sogar nicht richtig Nachrichten lesen. Ich habs von Hotspot shield usw. gehört. Aber ich hab es mir nicht zugetraut, ein solches Programm runterzuladen. Die verlangsamen das System total. Hast du vielleicht eine Idee, für ein VPn schutz, dass das Computer nicht verlangsamt, und dass ich in meinem Heimatland nutzen kann?

M-K-D-B · 08.07.2017, 14:01

Servus,

wegen VPN frag ich mal im Team nach.

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.

Hinweise:
Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.
Starte deinen Rechner zum Abschluss neu auf.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst du diese bedenkenlos löschen.

Virenscanner + Firewall
Vorab sei erwähnt, dass man niemals die Schutzwirkung eines Virenscanners überbewerten darf! Kein Antivirusprogramm erkennt 100% der Schadsoftware.

Sofern du noch unentschieden bist, verwende MAXIMAL EIN EINZIGES der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

Emsisoft Anti-Malware (kostenpflichtig)
ESET NOD32 Antivirus (kostenpflichtig)
Microsoft Security Essentials (kostenlos)

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Verwende immer nur reine Virenscanner (keine Produkte mit "Suite", "Internet Security", "Endpoint" oder "Total Security" in Namen, denn diese bringen kontraproduktive Firewalls mit - die Windows-Firewall ist alles was benötigt wird)

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware , AdwCleaner und mit dem ESET Online Scanner scannen.
Diese Programme sind alle kostenlos und stören nicht den Betrieb deines Antivirenprogramms.

Absicherungen
Beim Betriebsystem Windows ist es wichtig, die automatischen Updates zu aktivieren.
Auch sicherheitsrelevante Software sollte immer in aktueller Version vorliegen.

Das zeitnahe Einspielen von Updates ist erforderlich, damit Sicherheitslücken geschlossen werden. Sicherheitslücken werden beispielsweise dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Besonders aufpassen bzgl. der Aktualität musst du insbesondere bei folgender Software - sofern diese überhaupt benötigt wird:

Browser (Internet Explorer, Edge, Firefox, Chrome, Opera, etc.)
Flash-Player
Java
Adobe Reader

Optionale Browsererweiterungen

Adblock Plus oder uBlock Origin (Firefox - Chrome) - können Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren
NoScript - verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. NoScript kann gerade bei technisch nicht allzu versierten Nutzern beim Surfen zum Nervfaktor werden; ob das Tool geeignet ist, muss jeder selbst mal ausprobieren und dann für sich entscheiden.

Grundsätzliches

Ändere regelmäßig deine Online-Passwörter und erstelle regelmäßig Backups deiner wichtigen Dateien oder des Systems. Genaueres dazu findest du unten im Lesestoff zu Backups.
Lade keine Software von Chip, Softonic, SourceForge oder VLC.de. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Lade Software von einem sauberen Portal wie oder direkt beim jeweiligen Hersteller / Entwickler.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne die Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten bis nicht belegbar. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht.
Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Lesestoff:
Backup-/Image-Tools

Damit man sinnvolle Backups hat, muss man regelmäßig (z. B. wöchentlich) ein Image auf eine separate externe Festplatte erstellen. Diese externe Festplatte wird nur dann angeschlossen, wenn man das Backup erstellen will (oder etwas wiederherstellen muss), ansonsten bleibt sie aus Sicherheitsgründen sicher im Schrank verwahrt - allein schon aus dem Grund, die Backups vor "Verschlüsselungstrojanern" zu schützen.

Du solltest dich für eines der folgenden Programmen entscheiden und damit regelmäßig deine Daten sichern.

Option 1 - Drivesnapshot
Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64

Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe

Screenshots:
http://www.drivesnapshot.de/images/startup.png
http://www.drivesnapshot.de/images/save3.png

Option 2 - Seagate DiscWizard
Seagate DiscWizard - Download - Filepony

Screenshots:
http://filepony.de/screenshot/seagate_discwizard5.jpg
http://filepony.de/screenshot/seagate_discwizard4.png
http://filepony.de/screenshot/seagate_discwizard3.jpg

Option 3 - Acronis TrueImage WD Edition
Acronis True Image WD Edition - Download - Filepony

Screenshots:
http://filepony.de/screenshot/acroni...d_edition1.jpg
http://filepony.de/screenshot/acroni...d_edition2.jpg

M-K-D-B · 11.07.2017, 14:02

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM inklusive Link zum Thema.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.