Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Browser Hijacker Adware Elex, ändert Suchmaschine, Startseite, etc. in amisites.com (https://www.trojaner-board.de/183636-browser-hijacker-adware-elex-aendert-suchmaschine-startseite-etc-amisites-com.html)

magdeburger 22.12.2016 14:15
Browser Hijacker Adware Elex, ändert Suchmaschine, Startseite, etc. in amisites.com
 
Liste der Anhänge anzeigen (Anzahl: 3)
Ich habe versucht die Adware mit Malwarebytes und Avira zu löschen, doch sie kommt immer wieder (trotz Fundes). Die Startseite/Suchmaschine des Browsers ändert sich dann immer in amisites.com.

Desweiteren habe ich auch die herkömmlichen Tipps: adwcleaner und Junkmal removal tool durchlaufen lassen.

cosinus 22.12.2016 14:27
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

magdeburger 22.12.2016 14:38
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
durchgeführt von db (Administrator) auf SONYDB (22-12-2016 14:09:48)
Gestartet von D:\heruntergeladene Programme
Geladene Profile: db &  (Verfügbare Profile: db)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\23200290-138c-4bb8-8d4e-873f3af03dd7.com
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [EPSON Stylus Office BX300F] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE [221696 2008-01-22] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\MountPoints2: {993b80d7-a4a9-11e4-833a-0024bebd199b} - "E:\autorun.exe"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\...\Run: [EPSON Stylus Office BX300F] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE [221696 2008-01-22] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\...\MountPoints2: {993b80d7-a4a9-11e4-833a-0024bebd199b} - "E:\autorun.exe"
ShellExecuteHooks: Kein Name - {23D5E59C-A5C9-11E6-91E4-64006A5CFC23} -  -> Keine Datei
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{bf3a2940-db0d-47e1-8c05-cc90ab7858d4}: [DhcpNameServer] 192.168.2.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 [2016-12-22]
FF Homepage: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> ist aktiviert.
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\elemhidehelper@adblockplus.org.xpi [2016-11-26]
FF Extension: (Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.de/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.amisites.com/?type=hp&ts=1482396042&z=915db875878109ad6287d4cgdz7b8o5c5t1q3e3z5o&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0WJNYABC04625"
CHR Profile: C:\Users\db\AppData\Local\Google\Chrome\User Data\Default [2016-12-22]
CHR Extension: (Google Docs) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-18]
CHR Extension: (Google Drive) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-18]
CHR Extension: (YouTube) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-18]
CHR Extension: (Google Tabellen) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-16]
CHR Extension: (Google Docs Offline) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-16]
CHR Extension: (Google Mail) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\db\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-18] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-12] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 FoxitReaderService; C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2014-01-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-12-06] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-12-06] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 Sparhandy_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S2 Juqokchukity; C:\Program Files (x86)\Ckerketain\jprcnf.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AlcatelOTnet; C:\WINDOWS\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-05-13] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [Datei ist nicht signiert]
U5 iaStor; C:\Windows\System32\Drivers\iaStor.sys [537112 2009-11-20] (Intel Corporation)
S3 jrdusbser; C:\WINDOWS\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-22] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-22] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
U5 nusb3xhc; C:\Windows\System32\Drivers\nusb3xhc.sys [226696 2012-08-27] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ACHTUNG
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-22 13:39 - 2016-12-22 14:09 - 00000000 ____D C:\FRST
2016-12-22 12:37 - 2016-12-22 12:37 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-22 12:37 - 2016-12-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-22 12:26 - 2016-12-22 12:26 - 00000000 ____D C:\Users\db\AppData\Roaming\WinRAR
2016-12-22 12:11 - 2016-12-22 12:11 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-22 12:10 - 2016-12-22 12:10 - 54199488 _____ (Malwarebytes ) C:\Users\db\Downloads\malwarebytes3-setup-consumer-3.0.5.1299.exe
2016-12-22 12:10 - 2016-12-22 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-22 12:10 - 2016-12-22 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-22 12:10 - 2016-12-22 12:10 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-22 12:10 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-22 12:03 - 2016-12-22 14:03 - 00000000 ____D C:\Users\db\AppData\LocalLow\Mozilla
2016-12-22 12:03 - 2016-12-22 12:03 - 00000000 ____D C:\Users\db\Tracing
2016-12-22 12:00 - 2016-12-22 12:01 - 00000000 ____D C:\AdwCleaner
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:50 - 2016-12-22 11:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-22 11:36 - 2016-12-22 11:36 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-12-22 11:35 - 2016-12-22 11:42 - 00000000 ____D C:\ProgramData\Nero
2016-12-22 11:35 - 2016-12-22 11:35 - 00000000 ____D C:\ProgramData\TreeCardGames
2016-12-22 11:35 - 2016-12-22 11:35 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-22 10:51 - 2016-12-22 10:52 - 41650235 _____ C:\Users\db\Desktop\Firefox 50.1.0 (x86 de) - 2016-12-22.pcv
2016-12-18 15:59 - 2016-12-22 12:16 - 00002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 15:59 - 2016-12-22 12:16 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 15:58 - 2016-12-18 16:04 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 15:58 - 2016-12-18 16:04 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 15:58 - 2016-12-18 15:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-17 09:04 - 2016-12-22 11:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2016-12-16 20:45 - 2016-12-22 12:16 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-22 11:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 20:45 - 2016-12-22 10:27 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-17 01:30 - 00000000 ____D C:\Users\db\AppData\Local\Mozilla
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\db\AppData\Roaming\Mozilla
2016-12-16 19:38 - 2016-12-18 16:07 - 00000000 ____D C:\Users\db\AppData\Local\Google
2016-12-16 19:38 - 2016-12-16 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-16 19:14 - 2016-12-16 19:15 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-12-14 21:26 - 2016-12-14 21:26 - 00083909 _____ C:\Users\db\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
2016-12-14 20:14 - 2016-12-14 20:18 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-14 06:36 - 2016-12-14 06:36 - 00000000 ____D C:\Users\db\AppData\Local\MicrosoftEdge
2016-12-13 19:51 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 19:51 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 19:51 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 19:51 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 19:51 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:51 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 19:51 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 19:51 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 19:51 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:51 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 19:51 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:51 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 19:51 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 19:51 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 19:51 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 19:50 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 19:50 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 19:50 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 19:50 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 19:50 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 19:50 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 19:50 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 19:50 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 19:50 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 19:50 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 19:50 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 19:50 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 19:50 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:50 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 19:50 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 19:50 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 19:50 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 19:50 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 19:50 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 19:50 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 19:50 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 19:50 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 19:50 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 19:50 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:50 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-12 18:59 - 2016-12-12 20:14 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-12-12 18:59 - 2016-12-12 18:59 - 00000000 ____D C:\WINDOWS\system32\log
2016-12-12 18:59 - 2016-12-12 18:59 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-12-10 19:54 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 19:54 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 19:54 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 19:54 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 19:54 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 19:54 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 19:54 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 19:54 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 19:54 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 19:54 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 19:54 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 19:54 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 19:54 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 19:54 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 19:54 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 19:54 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 19:54 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 19:54 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 19:54 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 19:54 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 19:54 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 19:54 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 19:54 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 19:54 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 19:54 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 19:54 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 19:54 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 19:54 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 19:54 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 19:53 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 19:53 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 19:53 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 19:53 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 19:53 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 19:53 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 19:53 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 19:53 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 19:53 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 19:53 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 19:53 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 19:53 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-12-10 19:53 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 19:53 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 19:53 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 19:53 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 19:53 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 19:53 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 19:53 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 19:53 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:53 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 20:05 - 2016-12-09 20:05 - 00000374 _____ C:\WINDOWS\SysWOW64\data.bin
2016-11-26 11:51 - 2016-11-26 11:51 - 00004444 _____ C:\WINDOWS\System32\Tasks\SecureUpdater
2016-11-26 11:51 - 2016-11-26 11:51 - 00000000 ____D C:\Users\db\AppData\Roaming\Softlink
2016-11-26 11:50 - 2016-11-26 12:10 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-11-26 11:50 - 2016-11-26 11:50 - 00000000 __SHD C:\Users\db\AppData\Local\svchost
2016-11-26 11:50 - 2016-11-26 11:50 - 00000000 ____D C:\Users\db\AppData\Local\app
2016-11-26 11:50 - 2016-11-09 15:55 - 00778752 _____ C:\WINDOWS\system32\chtbrkg.dll
2016-11-26 11:50 - 2016-11-09 15:55 - 00590848 _____ C:\WINDOWS\SysWOW64\chtbrkg.dll
2016-11-26 11:10 - 2016-11-26 11:10 - 00006106 _____ C:\WINDOWS\System32\Tasks\Hfodompherzuward Manager
2016-11-26 11:09 - 2016-11-26 11:09 - 00000000 ____D C:\Users\db\AppData\Local\Reasward
2016-11-26 11:08 - 2016-11-26 11:08 - 00000000 _____ C:\TOSTACK
2016-11-24 21:24 - 2016-11-24 21:24 - 01897142 _____ C:\WINDOWS\064d7d72e3926d63a5a21c8682c56df4.exe
2016-11-23 16:25 - 2016-11-23 16:25 - 00000013 _____ C:\Users\db\Desktop\Post NL.txt
2016-11-23 12:32 - 2016-11-23 12:32 - 00000000 _____ C:\autoexec.bat
2016-11-23 12:21 - 2016-12-10 15:39 - 00002121 _____ C:\Users\db\Desktop\Skype.lnk
2016-11-23 11:49 - 2016-12-22 12:24 - 00000000 ____D C:\Users\db\AppData\Roaming\Skype
2016-11-23 11:49 - 2016-11-23 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-22 13:50 - 2014-01-12 06:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-22 13:48 - 2016-06-18 12:47 - 00000000 ____D C:\Users\db\AppData\Local\ClassicShell
2016-12-22 13:18 - 2016-07-16 23:51 - 01618568 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-22 13:18 - 2016-07-16 23:51 - 00401826 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-22 13:18 - 2016-06-18 12:14 - 03527176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-22 13:14 - 2016-10-29 16:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-22 13:14 - 2014-04-17 10:49 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-22 13:14 - 2014-04-17 10:49 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-22 13:13 - 2016-10-29 16:18 - 00000000 ____D C:\Users\db
2016-12-22 13:13 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-22 12:49 - 2014-01-12 05:33 - 00000000 ____D C:\Users\db\AppData\Local\Packages
2016-12-22 12:48 - 2014-02-23 15:45 - 00000000 ____D C:\Users\db\AppData\Roaming\vlc
2016-12-22 12:36 - 2014-02-23 15:22 - 00000000 ____D C:\Program Files\VideoLAN
2016-12-22 12:11 - 2014-04-17 10:49 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-22 12:11 - 2014-04-17 10:49 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-22 12:01 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-22 11:52 - 2015-01-02 18:15 - 00000000 ____D C:\Program Files\WinRAR
2016-12-22 11:31 - 2014-01-12 06:17 - 00000000 ____D C:\ProgramData\Avira
2016-12-22 11:10 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-22 11:07 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-20 21:56 - 2014-01-12 20:15 - 00000000 ____D C:\Users\db\AppData\Local\JDownloader 2.0
2016-12-20 21:23 - 2016-10-29 16:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-18 18:32 - 2014-01-22 19:02 - 00000000 ____D C:\Users\db\AppData\Local\Microsoft Help
2016-12-17 22:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 14:30 - 2014-01-12 12:22 - 00000000 ____D C:\Users\db\Desktop\Programme
2016-12-17 14:06 - 2016-10-29 16:18 - 03407872 ____H C:\Users\db\NTUSER.bak
2016-12-16 19:53 - 2016-01-28 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-16 19:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 20:17 - 2014-12-04 12:44 - 00000000 ____D C:\Users\db\AppData\Local\ElevatedDiagnostics
2016-12-14 19:36 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 07:11 - 2014-01-12 13:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 07:06 - 2016-10-29 16:15 - 00344752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 06:57 - 2014-01-22 19:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-14 06:49 - 2014-01-12 13:58 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 06:36 - 2014-10-01 20:58 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2016-12-14 06:36 - 2014-02-22 18:38 - 00000000 ____D C:\Users\db\Documents\My Games
2016-12-12 23:02 - 2016-10-06 20:12 - 00028272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-12-12 23:02 - 2014-01-12 06:17 - 00153904 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-12-12 23:02 - 2014-01-12 06:17 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-12-12 22:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-12-12 20:12 - 2014-03-17 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet und Sicherheit
2016-12-12 18:55 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:14 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 15:39 - 2016-10-29 16:23 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-10 15:39 - 2016-10-02 07:03 - 00002378 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-10 15:39 - 2016-04-24 20:51 - 00000718 _____ C:\Users\db\Desktop\Ausbildung Sozifa.lnk
2016-12-10 15:39 - 2016-03-30 11:29 - 00001051 _____ C:\Users\db\Desktop\F! Manager.lnk
2016-12-10 15:39 - 2016-03-25 10:21 - 00001092 _____ C:\Users\db\Desktop\Dungeon.lnk
2016-12-10 15:39 - 2016-03-01 22:47 - 00001004 _____ C:\Users\db\Desktop\Core Temp.lnk
2016-12-10 15:39 - 2015-06-16 03:56 - 00001085 _____ C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2016-12-10 15:39 - 2015-02-15 21:25 - 00000295 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2016-12-10 15:39 - 2014-07-10 00:55 - 00001043 _____ C:\Users\Public\Desktop\123 Free Solitaire.lnk
2016-12-10 15:39 - 2014-01-22 22:01 - 00001484 _____ C:\Users\db\Desktop\Music.lnk
2016-12-10 15:39 - 2014-01-13 00:51 - 00001449 _____ C:\Users\db\Desktop\Anstoss3.lnk
2016-12-10 15:39 - 2014-01-12 21:04 - 00002163 _____ C:\Users\db\Desktop\JDownloader 2.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000781 _____ C:\Users\db\Desktop\heruntergeladene Programme.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000725 _____ C:\Users\db\Desktop\Studium Geschichte.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000662 _____ C:\Users\db\Desktop\sonstiges.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000676 _____ C:\Users\db\Desktop\Downloads 1.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000639 _____ C:\Users\db\Desktop\Bilder.lnk
2016-12-10 15:39 - 2014-01-12 06:15 - 00001019 _____ C:\Users\Public\Desktop\AMP WinOFF.lnk
2016-12-10 15:39 - 2014-01-12 05:34 - 00000424 _____ C:\Users\db\Desktop\Arbeitsplatz.lnk
2016-12-09 19:57 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 15:52 - 2013-08-22 16:44 - 00389408 __RSH C:\bootmgr
2016-12-05 21:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-12-05 21:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-11-26 18:38 - 2014-08-21 18:34 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2016-11-26 18:38 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-11-26 18:15 - 2016-04-04 16:49 - 00000000 ____D C:\Program Files\Intel
2016-11-26 16:57 - 2016-03-01 23:30 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-11-26 11:12 - 2014-01-14 14:13 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2016-11-26 11:12 - 2014-01-12 20:33 - 00000000 ____D C:\Program Files (x86)\ANSTOSS 3
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-26 11:11 - 2016-07-04 17:11 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-11-26 11:11 - 2015-10-10 14:11 - 00000000 ____D C:\Program Files (x86)\PDF24
2016-11-26 11:11 - 2015-09-06 13:11 - 00000000 ____D C:\Program Files (x86)\TSR Soft
2016-11-26 11:11 - 2015-06-16 03:56 - 00000000 ____D C:\Program Files (x86)\D-Fend Reloaded
2016-11-26 11:11 - 2015-06-15 18:11 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2016-11-26 11:11 - 2015-04-03 08:58 - 00000000 ____D C:\Program Files (x86)\Airline Tycoon - Deluxe
2016-11-26 11:11 - 2015-01-27 12:23 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-11-26 11:11 - 2014-11-26 19:31 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-11-26 11:11 - 2014-09-26 16:58 - 00000000 ____D C:\Program Files (x86)\Telestar
2016-11-26 11:11 - 2014-07-10 00:55 - 00000000 ____D C:\Program Files (x86)\123 Free Solitaire
2016-11-26 11:11 - 2014-06-11 15:03 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-11-26 11:11 - 2014-04-17 10:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-26 11:11 - 2014-03-25 15:08 - 00000000 ____D C:\Program Files (x86)\KWorld Multimedia
2016-11-26 11:11 - 2014-03-21 12:28 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2016-11-26 11:11 - 2014-03-20 18:14 - 00000000 ____D C:\Program Files (x86)\JAM Software
2016-11-26 11:11 - 2014-02-23 15:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-11-26 11:11 - 2014-02-21 18:07 - 00000000 ____D C:\Program Files (x86)\Valve
2016-11-26 11:11 - 2014-01-29 13:45 - 00000000 ____D C:\Program Files (x86)\Breakaway
2016-11-26 11:11 - 2014-01-23 20:31 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-11-26 11:11 - 2014-01-22 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-26 11:11 - 2014-01-18 14:08 - 00000000 ____D C:\Program Files (x86)\Sparhandy Modem
2016-11-26 11:11 - 2014-01-12 06:19 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-26 11:11 - 2014-01-12 06:17 - 00000000 ____D C:\Program Files (x86)\Avira
2016-11-26 11:11 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\AMP WinOFF
2016-11-26 11:11 - 2014-01-12 06:11 - 00000000 ____D C:\Program Files (x86)\MozBackup
2016-11-26 11:11 - 2014-01-12 06:09 - 00000000 ____D C:\Program Files (x86)\Nero
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-23 15:38 - 2016-08-23 05:53 - 00000000 ____D C:\Users\db\AppData\Local\Video4you
2016-11-23 13:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-11-23 10:54 - 2014-03-17 18:38 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arbeitsprogramme
2016-11-23 09:47 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-23 09:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SystemApps

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-18 01:41 - 2015-06-16 03:52 - 0000346 ___SH () C:\Users\db\AppData\Local\70149b02515b3bb20dd492.47983420
2016-03-20 17:02 - 2016-03-20 17:02 - 0000001 _____ () C:\Users\db\AppData\Local\llftool.4.40.agreement
2016-08-05 11:03 - 2016-08-05 11:03 - 0001932 _____ () C:\Users\db\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\db\AppData\Local\Temp\gkey.exe
C:\Users\db\AppData\Local\Temp\mininewsrepair.exe
C:\Users\db\AppData\Local\Temp\onOneWait.exe
C:\Users\db\AppData\Local\Temp\pkeyui.exe
C:\Users\db\AppData\Local\Temp\proxy_vole6225539603837152109.dll
C:\Users\db\AppData\Local\Temp\proxy_vole6240871480467010692.dll
C:\Users\db\AppData\Local\Temp\proxy_vole8257398346994971055.dll
C:\Users\db\AppData\Local\Temp\Quarantine.exe
C:\Users\db\AppData\Local\Temp\softconfig.dll
C:\Users\db\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-14 06:49

==================== Ende von FRST.txt ============================

magdeburger 22.12.2016 14:41
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-12-2016
durchgeführt von db (22-12-2016 14:10:28)
Gestartet von D:\heruntergeladene Programme
Windows 10 Pro Version 1607 (X64) (2016-10-29 15:28:11)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2865356430-1766797703-3585162535-500 - Administrator - Disabled)
db (S-1-5-21-2865356430-1766797703-3585162535-1001 - Administrator - Enabled) => C:\Users\db
DefaultAccount (S-1-5-21-2865356430-1766797703-3585162535-503 - Limited - Disabled)
Gast (S-1-5-21-2865356430-1766797703-3585162535-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Airline Tycoon - Deluxe (HKLM-x32\...\Airline Tycoon - Deluxe) (Version:  - Spellbound Entertainment AG)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMP WinOFF 5.0.1 (HKLM-x32\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== ACHTUNG
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
D-Fend Reloaded 1.4.2 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.2 - Alexander Herzog)
EPSON BX300F Series Printer Uninstall (HKLM\...\EPSON BX300F Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.20.00.858 - Huawei Technologies Co.,Ltd)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5901 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06A7254F-59F3-4968-B748-A932F2897FBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0AB6B009-7DBF-426E-9578-CB671A7BAAB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0AEA29F8-65A6-46EF-95E6-7FE2D1362BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0AEFA67C-250A-4CF6-BE90-87AACA791AF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {0CDFFD09-FDAE-4002-8589-E6B03A623286} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {0D5260B3-58B0-49AC-89B7-195D7DF1E783} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0F3C25D8-8FA6-4E4D-A028-0215E2E799D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13AB359D-4D1D-4581-A999-84566CDB9E35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {194E8F57-194A-4DA4-BB0E-27C79F59CC4D} - System32\Tasks\Hfodompherzuward Manager => C:\Program Files (x86)\Serlingplsuing\varise.exe
Task: {1B13BC78-82C4-4B14-BF20-C1E4DDD17DC7} - System32\Tasks\{ED3DEA28-263B-4849-AD42-442E4E240903} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {1EA73746-34FE-4FE0-A07B-2FD4F7F44DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {2454F47A-A5FC-4223-BC7B-824C5440788C} - System32\Tasks\{1BC10A7A-E47A-4D51-BD6F-71E275B9D006} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {2566AA22-6F1B-40CF-B16A-94EB37BB6F47} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {2E78B88E-2F42-4529-8286-2902DC993395} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34FA9A2C-6C92-415E-ABCE-828CE00479D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3730C43B-1868-462C-B00D-A2793CCD5CC2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {38683607-310D-49F9-AF7A-EF28A3A1E5C1} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== ACHTUNG
Task: {3BBF2C0B-A3FC-4259-8F9A-1AB8E384E466} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {3F034658-1B6E-4A94-9350-D103B77B541A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3F5C17E2-0992-41FA-AF83-2C31A45AA512} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {436E6C34-F7A8-43BA-B84C-5430F8AE0EDE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {46355976-A45A-4DEF-80ED-2A10AF3E669F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4891C0AF-9830-49E5-9272-721F8DCE13FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {4D3846F9-2377-4BF8-9335-BA5F337877F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {51F52900-00B6-468D-AA64-7FF49F07D37A} - System32\Tasks\Microsoft\Windows\Application Experience\RenewalService => C:\ProgramData\RenewalService\Renewal.exe <==== ACHTUNG
Task: {53AAAD09-0874-4310-AB3E-E0D9ECF24D1B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5E7822EA-E5F4-48A3-94C8-2D8324A39BB3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {66A0B4A0-1F70-40E0-95DA-2077B53F523D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6C944835-49CB-4067-A329-93F83C7178F3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {6EBA4820-091E-44EF-B766-B3B459D86E57} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {71111D05-B70F-4968-95D7-9233E2575526} - System32\Tasks\{13CF39C7-1E82-40A0-AB33-F8A1074CE36D} => pcalua.exe -a C:\UT2004\System\Setup.exe -d C:\UT2004\System -c uninstall "UT2004"
Task: {7C09F44F-961E-4674-B8B6-A5FEA826D61F} - \WPD\SqmUpload_S-1-5-21-2865356430-1766797703-3585162535-1001 -> Keine Datei <==== ACHTUNG
Task: {81DB740A-FAE3-43FD-91AB-C95D2BEBCCC7} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {91C0991C-9E6A-49D6-A1D4-C30ABC030E58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9543497F-AF18-46B1-A9CF-2EAE531999E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {97BEE186-07E7-4B9E-89FA-0330B3499536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A9BDE5B3-2260-4238-8A45-16F52CDD028E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {ABEB7469-3657-4409-8957-4FC0DACFB05B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0C2DD2B-9C43-4349-834D-0F68F9B1CA5B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B90AB521-FB73-403A-A6B9-9103C85B8CB3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B9D938EF-4D34-4AE5-8CDE-456A1F98B022} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF22CBA3-F4D0-4791-A4B7-FC4C5AF0BDF0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {C1364F06-9243-4244-B49E-B4893C55A2BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C4BA3D3C-E832-41FA-8F9A-9FE02DFD5A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C969B2A2-2115-49A2-BBD1-EB52A29845DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CE460513-80E6-49BF-9A73-986389515D06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D334B8AE-B700-4951-9118-159328ECBAD2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DF9730D3-0190-45D3-9028-2F5EE0E3083E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EA204623-908C-4208-BE97-6334C67693CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {ED75BD0B-9BDC-4BB9-BCA3-2E2FC7EAE788} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F7D64D7D-6860-4F05-AB8F-BDD62B076F7C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F9D110F7-064E-4360-9F6F-D6A8AF2AC8A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\db\Desktop\F! Manager.lnk -> D:\Downloads 1\F1Manager\START.bat ()
Shortcut: C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele\Blue Byte\Die Siedler IV\Blue Byte Game Channel.lnk -> hxxp://www.bluebyte.net/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-02-21 21:44 - 2014-12-06 02:01 - 00066872 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2014-02-21 21:44 - 2014-12-06 02:02 - 00107832 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe
2014-01-18 14:08 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe
2016-12-22 12:10 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-29 16:30 - 2016-10-29 16:30 - 01864384 _____ () C:\Users\db\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-29 17:11 - 2016-10-29 17:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541558\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541592\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\db\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\Control Panel\Desktop\\Wallpaper -> C:\Users\db\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "EPSON Stylus Office BX300F"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\...\StartupApproved\Run: => "EPSON Stylus Office BX300F"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{014DF778-9A0B-4A9D-881C-537C17DCAAE4}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{7FDE83D3-11B7-4D4B-B335-56403F7B2DD8}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0E4A56FA-955C-4330-883B-B1607E6FA733}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{601A22F8-6E9A-4575-9FC5-6DEE1D4971D2}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{64F2A352-A960-46FA-B313-F4E936D874BE}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CFBE1B6D-B1CD-4471-A8EC-11A098B89754}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6C1135A9-AFD2-47A0-A2FD-0C75895D5F20}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5206996-B1ED-40CF-9509-3BDD0522981F}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF24AF9E-F8BF-49BD-BFBB-B5B5F21D2D49}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3488443A-FE54-4DFE-AD00-2A7BEA0F955F}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{934B94D4-EE6C-4936-94EE-1CD317E382BF}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8CCC3458-3CA2-4AFB-85BE-0602DDA7CA93}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0079C627-51B6-4178-8F81-A07BAE786BBD}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{40EE72F9-E40D-4D84-8776-5E103EA9F762}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8ACE0E43-AE05-4D01-A20F-6D139E969FA3}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3D03CF39-629D-4847-8B37-EC6D612BA4D5}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6EC1A918-2C6C-4757-A7F2-D1208923B223}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2EA2EF77-1347-4595-8C09-7DC22D18919A}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{B3CF27DE-9720-4603-8C41-6ED088A48264}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [UDP Query User{69E858C0-6B85-47C3-9074-0292F385A6D7}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [{253034A2-3C02-414A-BB3C-0634D23E4D1C}] => LPort=80
FirewallRules: [{B2EC26D2-E0B1-46AF-B990-16F98BB17653}] => LPort=443
FirewallRules: [{3D4B0D62-326B-4D57-A6DA-278D4A6F6688}] => LPort=20010
FirewallRules: [{A880EC3B-22AF-4F2B-9714-3C85C973D3D2}] => LPort=3478
FirewallRules: [{951B7EDD-ED2E-4405-B16F-D9D2923A787C}] => LPort=7850
FirewallRules: [{6CF1E03F-5F7A-4CA1-8D9F-E3726C889122}] => LPort=7852
FirewallRules: [{1D0B4EEC-3172-4167-A454-011B17867B41}] => LPort=7853
FirewallRules: [{F115EE06-A299-4C21-B7F1-575E1AB70798}] => LPort=27022
FirewallRules: [{6A77E5F4-BEF0-4B82-A9CF-320AC72BA6D4}] => LPort=6881
FirewallRules: [{132D4B2B-3CDF-43BF-93AA-C7E33E537AF4}] => LPort=33333
FirewallRules: [{684C5A27-CEC3-490D-97C7-7B907746B871}] => LPort=20443
FirewallRules: [{CBC8C096-2C19-4B1D-AA71-1909130CABF9}] => LPort=8090
FirewallRules: [TCP Query User{A507A371-5BF0-4A78-A2F2-FA9A72719B29}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [UDP Query User{9AEAE644-063C-45CC-9528-FE3D512E22DF}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [{DA433F71-62F0-49C4-8663-4D43558951FA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{568DD947-A74A-4266-A099-6C7FBE491A0A}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8C71E734-7651-4CF1-8682-1671AD6595FC}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B0E30C76-C0C7-49E1-B137-DD67636A5C4D}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [UDP Query User{3C8820C5-D8E1-42A8-B397-52D01B5F8B18}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2BFF209A-BA93-4357-BCC1-120D0C12A121}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C925960E-5025-4319-B251-04F930A2A28C}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F30AF08D-D92C-48C6-B170-70BB85DE65F0}] => C:\Users\db\AppData\Local\Temp\is-7V9CD.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{39E1D2A5-5990-4CCD-BB6D-971F4180DE90}] => LPort=1688
FirewallRules: [{E1C81A22-33CD-4CA2-A2DD-3FEAEF232B8E}] => LPort=1688
FirewallRules: [{212EB54C-3E17-4B80-BC16-1119E69CA757}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC6CFF15-4107-4F62-B1C9-73398426599E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5120A1FC-2DBA-4328-841F-795966F9F2F1}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

22-12-2016 11:51:41 JRT Pre-Junkware Removal
22-12-2016 13:34:52 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB 2.0 Camera
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/22/2016 01:51:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x4f4
Startzeit der fehlerhaften Anwendung: 0x01d25c520f726809
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: 877673a6-b590-4444-8de8-4ee9c9682449
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 01:34:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/22/2016 12:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0x01d25c42eecb6cf2
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: f4428dc0-3935-4350-bf42-e743b6936350
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 11:51:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/22/2016 11:51:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0x01d25c414abebf0a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: 465f6162-3e90-4e63-a23b-3cfc6284e5d9
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 11:36:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x5b8
Startzeit der fehlerhaften Anwendung: 0x01d25c3f47a72251
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: c55f945a-c16c-474c-acfb-56f7b9bdbfa1
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 11:36:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x16ac
Startzeit der fehlerhaften Anwendung: 0x01d25c3f3ffb2ae9
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: d7ce9413-c1aa-4e74-97f2-5f33e812a75b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 11:23:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.14393.0, Zeitstempel: 0x57899953
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x116c
Startzeit der fehlerhaften Anwendung: 0x01d25c3d6e66edd4
Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: a7fe21de-c87d-40f6-9a77-7dfd8e97fd65
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 11:21:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.14393.0, Zeitstempel: 0x57899953
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0xdbc
Startzeit der fehlerhaften Anwendung: 0x01d25c3d385f0738
Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 5d047517-28f5-4001-87db-04227c599b90
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 11:17:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.14393.0, Zeitstempel: 0x57899953
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1bd8
Startzeit der fehlerhaften Anwendung: 0x01d25c3c8a9bc6a4
Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: b462eccd-1f62-42f9-a40f-47229c8bf1a7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (12/22/2016 01:14:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/22/2016 01:14:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. RunOuc" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/22/2016 01:14:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. RunOuc erreicht.

Error: (12/22/2016 01:14:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Juqokchukity" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.

Error: (12/22/2016 01:14:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HWDeviceService64.exe" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (12/22/2016 01:13:58 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: RISD0001

Error: (12/22/2016 12:02:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/22/2016 12:01:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. RunOuc" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/22/2016 12:01:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. RunOuc erreicht.

Error: (12/22/2016 12:01:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Juqokchukity" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


CodeIntegrity:
===================================
  Date: 2016-12-22 11:38:25.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 11:38:25.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:57.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:56.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 5998.09 MB
Verfügbarer physikalischer RAM: 3506.19 MB
Summe virtueller Speicher: 12398.09 MB
Verfügbarer virtueller Speicher: 10039.92 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.8 GB) (Free:46.36 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:224.06 GB) NTFS
Drive h: () (Removable) (Total:29.8 GB) (Free:25.73 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: EC22E958)
Partition 1: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0FC8EF90)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 05CF5B9E)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:14:58, on 22.12.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!

FIREFOX: 50.1.0 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\heruntergeladene Programme\Antivirusprogramme\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files (x86)\PDF24\pdf24.exe"
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKCU\..\Run: [EPSON Stylus Office BX300F] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S78F9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\..\Run: [EPSON Stylus Office BX300F] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S78F9.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O8 - Extra context menu item: An OneNote s&enden - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sparhandy_Germany Silverstone Modem Device Helper - Unknown owner - C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9476 bytes
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 22.12.16
Scan-Zeit: 14:27
Protokolldatei:
Administrator: Ja

-Softwaredaten-
Version: 3.0.5.1299
Komponentenversion: 1.0.43
Version des Aktualisierungspakets: 1.0.827
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Sonydb\db

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 402077
Abgelaufene Zeit: 3 Min., 16 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 22.12.16
Scan-Zeit: 13:08
Protokolldatei:
Administrator: Ja

-Softwaredaten-
Version: 3.0.5.1299
Komponentenversion: 1.0.43
Version des Aktualisierungspakets: 1.0.826
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Sonydb\db

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 402103
Abgelaufene Zeit: 3 Min., 30 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 1
PUP.Optional.Elex, C:\PROGRAMDATA\WINSAPSVC\WINSAP.DLL, Keine Aktion durch Benutzer, [15], [338081],1.0.826

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.Elex, C:\PROGRAMDATA\WINSAPSVC, Keine Aktion durch Benutzer, [15], [338081],1.0.826

Datei: 1
PUP.Optional.Elex, C:\PROGRAMDATA\WINSAPSVC\WINSAP.DLL, Keine Aktion durch Benutzer, [15], [338081],1.0.826

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

cosinus 22.12.2016 16:02
+++ WICHTIGER HINWEIS +++


Während der Analyse und Bereinigung nimmst du KEINERLEI Änderungen auf eigene Faust vor, d.h. du installierst oder deinstallierst keine Software ohne Absprache.
Auch veränderst du keine Systemeinstellungen, solange wir deinen Fall bearbeiten. Änderungen, Installationen oder Deinstallationen machst du AUSSCHLIESSLICH nur auf Anweisung!
Es wird erforderlich sein, deinen Virenscanner zu deaktivieren und in bestimmten Fällen auch zu deinstallieren, damit vernünftig bereinigt werden kann. Dein System ist daher erst wenn wir hier fertig sind wieder für den alltäglichen Gebrauch wie surfen oder mailen von mir freigegeben.

Gelesen und verstanden?



Bitte Avira deinstallieren. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Gib Bescheid wenn Avira weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!

magdeburger 22.12.2016 16:55
Nutze Avira schon seit Jahren und fand ihn immer gut und schonnend, was empfiehlt ihr denn?

Ich habe den Virenscanner mal deinstalliert..

cosinus 22.12.2016 16:57
1. Schritt: Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers




2. Schritt: Kaspersky TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

magdeburger 22.12.2016 17:20
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.12.22.08
  rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
db :: SONYDB [administrator]

22.12.2016 17:05:33
mbar-log-2016-12-22 (17-05-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 327519
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Code:
17:15:06.0577 0x17f0  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
17:15:09.0042 0x17f0  ============================================================
17:15:09.0042 0x17f0  Current date / time: 2016/12/22 17:15:09.0042
17:15:09.0042 0x17f0  SystemInfo:
17:15:09.0043 0x17f0 
17:15:09.0043 0x17f0  OS Version: 10.0.14393 ServicePack: 0.0
17:15:09.0043 0x17f0  Product type: Workstation
17:15:09.0043 0x17f0  ComputerName: SONYDB
17:15:09.0043 0x17f0  UserName: db
17:15:09.0043 0x17f0  Windows directory: C:\WINDOWS
17:15:09.0043 0x17f0  System windows directory: C:\WINDOWS
17:15:09.0043 0x17f0  Running under WOW64
17:15:09.0043 0x17f0  Processor architecture: Intel x64
17:15:09.0043 0x17f0  Number of processors: 4
17:15:09.0043 0x17f0  Page size: 0x1000
17:15:09.0043 0x17f0  Boot type: Normal boot
17:15:09.0043 0x17f0  CodeIntegrityOptions = 0x00000001
17:15:09.0043 0x17f0  ============================================================
17:15:09.0148 0x17f0  KLMD registered as C:\WINDOWS\system32\drivers\33984246.sys
17:15:09.0148 0x17f0  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.576, osProperties = 0x19
17:15:09.0206 0x17f0  System UUID: {89ED3A84-A01E-3FFA-4466-86F945B2E9B7}
17:15:09.0535 0x17f0  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:15:09.0593 0x17f0  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:15:09.0612 0x17f0  Drive \Device\Harddisk4\DR4 - Size: 0x773C00000 ( 29.81 Gb ), SectorSize: 0x200, Cylinders: 0xF33, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:15:09.0614 0x17f0  ============================================================
17:15:09.0615 0x17f0  \Device\Harddisk0\DR0:
17:15:09.0615 0x17f0  MBR partitions:
17:15:09.0615 0x17f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xED9A000
17:15:09.0615 0x17f0  \Device\Harddisk1\DR1:
17:15:09.0615 0x17f0  MBR partitions:
17:15:09.0625 0x17f0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
17:15:09.0625 0x17f0  \Device\Harddisk4\DR4:
17:15:09.0626 0x17f0  MBR partitions:
17:15:09.0626 0x17f0  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3B9E000
17:15:09.0626 0x17f0  ============================================================
17:15:09.0629 0x17f0  C: <-> \Device\Harddisk0\DR0\Partition1
17:15:09.0638 0x17f0  D: <-> \Device\Harddisk1\DR1\Partition1
17:15:09.0638 0x17f0  ============================================================
17:15:09.0638 0x17f0  Initialize success
17:15:09.0638 0x17f0  ============================================================
17:15:51.0103 0x144c  ============================================================
17:15:51.0103 0x144c  Scan started
17:15:51.0103 0x144c  Mode: Manual; SigCheck; TDLFS;
17:15:51.0103 0x144c  ============================================================
17:15:51.0103 0x144c  KSN ping started
17:15:51.0194 0x144c  KSN ping finished: true
17:15:53.0318 0x144c  ================ Scan system memory ========================
17:15:53.0318 0x144c  System memory - ok
17:15:53.0319 0x144c  ================ Scan services =============================
17:15:53.0329 0x144c  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:15:53.0455 0x144c  !SASCORE - ok
17:15:53.0508 0x144c  1394ohci - ok
17:15:53.0513 0x144c  3ware - ok
17:15:53.0520 0x144c  ACPI - ok
17:15:53.0526 0x144c  AcpiDev - ok
17:15:53.0532 0x144c  acpiex - ok
17:15:53.0540 0x144c  acpipagr - ok
17:15:53.0546 0x144c  AcpiPmi - ok
17:15:53.0552 0x144c  acpitime - ok
17:15:53.0561 0x144c  ADP80XX - ok
17:15:53.0570 0x144c  AFD - ok
17:15:53.0580 0x144c  ahcache - ok
17:15:53.0585 0x144c  AJRouter - ok
17:15:53.0594 0x144c  [ 808820DEF092FA0A6D93BAE3E5D069CD, D1F49B6D99E346242EF6A9C37D2EC9333411FBDB031BE87FE0F8CDFEC545DD89 ] AlcatelOTnet    C:\WINDOWS\system32\DRIVERS\AlcatelOTUsbnet.sys
17:15:53.0636 0x144c  AlcatelOTnet - ok
17:15:53.0642 0x144c  ALG - ok
17:15:53.0654 0x144c  [ D7A72B9BA6AB996DADB37BFCB0363D63, A223684978928B59D39DFB49F6658E0CF04ADD15AD8ACFCEC384DBD4D8C8CBCA ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
17:15:53.0702 0x144c  AMD External Events Utility - ok
17:15:53.0708 0x144c  AmdK8 - ok
17:15:53.0715 0x144c  [ 83ADF64C5BEAC0A065D7D2811E9A79CA, C724DC6EC9CB0E93DC034054FFB79284E70502FA155EFF624E112243F6C8D8E8 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
17:15:53.0732 0x144c  amdkmafd - ok
17:15:53.0737 0x144c  amdkmdag - ok
17:15:53.0758 0x144c  [ C14D7E5F24381BC8F333C4EB77892400, 8B8EF49D2398AF39E36EFFE6D1E0489727D5612DEFA43C71E3C7E4C0650010A5 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
17:15:53.0810 0x144c  amdkmdap - ok
17:15:53.0817 0x144c  AmdPPM - ok
17:15:53.0823 0x144c  amdsata - ok
17:15:53.0828 0x144c  amdsbs - ok
17:15:53.0833 0x144c  amdxata - ok
17:15:53.0842 0x144c  AppID - ok
17:15:53.0848 0x144c  AppIDSvc - ok
17:15:53.0854 0x144c  Appinfo - ok
17:15:53.0860 0x144c  applockerfltr - ok
17:15:53.0866 0x144c  AppMgmt - ok
17:15:53.0873 0x144c  AppReadiness - ok
17:15:53.0878 0x144c  AppVClient - ok
17:15:53.0884 0x144c  AppvStrm - ok
17:15:53.0891 0x144c  AppvVemgr - ok
17:15:53.0897 0x144c  AppvVfs - ok
17:15:53.0904 0x144c  AppXSvc - ok
17:15:53.0910 0x144c  arcsas - ok
17:15:53.0917 0x144c  AsyncMac - ok
17:15:53.0924 0x144c  atapi - ok
17:15:53.0931 0x144c  athr - ok
17:15:53.0940 0x144c  AudioEndpointBuilder - ok
17:15:53.0946 0x144c  Audiosrv - ok
17:15:53.0963 0x144c  [ 14FCA1D1720A68C2D586940ABBE2DB3C, 274DB01CFD3024357602748FE36882ACE6BB3764A9FB62B2B40F9232B84A9B3E ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
17:15:54.0000 0x144c  Avira.ServiceHost - ok
17:15:54.0006 0x144c  AxInstSV - ok
17:15:54.0013 0x144c  b06bdrv - ok
17:15:54.0019 0x144c  BasicDisplay - ok
17:15:54.0025 0x144c  BasicRender - ok
17:15:54.0035 0x144c  bcmfn - ok
17:15:54.0042 0x144c  bcmfn2 - ok
17:15:54.0047 0x144c  BDESVC - ok
17:15:54.0054 0x144c  Beep - ok
17:15:54.0060 0x144c  BFE - ok
17:15:54.0066 0x144c  BITS - ok
17:15:54.0072 0x144c  bowser - ok
17:15:54.0077 0x144c  BrokerInfrastructure - ok
17:15:54.0083 0x144c  Browser - ok
17:15:54.0089 0x144c  BthAvrcpTg - ok
17:15:54.0095 0x144c  BthHFEnum - ok
17:15:54.0101 0x144c  bthhfhid - ok
17:15:54.0108 0x144c  BthHFSrv - ok
17:15:54.0114 0x144c  BTHMODEM - ok
17:15:54.0173 0x144c  bthserv - ok
17:15:54.0180 0x144c  buttonconverter - ok
17:15:54.0186 0x144c  CapImg - ok
17:15:54.0193 0x144c  cdfs - ok
17:15:54.0200 0x144c  CDPSvc - ok
17:15:54.0205 0x144c  CDPUserSvc - ok
17:15:54.0215 0x144c  cdrom - ok
17:15:54.0220 0x144c  CertPropSvc - ok
17:15:54.0227 0x144c  cht4iscsi - ok
17:15:54.0232 0x144c  cht4vbd - ok
17:15:54.0237 0x144c  circlass - ok
17:15:54.0243 0x144c  CLFS - ok
17:15:54.0248 0x144c  ClipSVC - ok
17:15:54.0253 0x144c  clreg - ok
17:15:54.0268 0x144c  CmBatt - ok
17:15:54.0274 0x144c  CNG - ok
17:15:54.0279 0x144c  cnghwassist - ok
17:15:54.0292 0x144c  CompositeBus - ok
17:15:54.0298 0x144c  COMSysApp - ok
17:15:54.0307 0x144c  condrv - ok
17:15:54.0314 0x144c  CoreMessagingRegistrar - ok
17:15:54.0326 0x144c  CryptSvc - ok
17:15:54.0333 0x144c  CSC - ok
17:15:54.0339 0x144c  CscService - ok
17:15:54.0345 0x144c  dam - ok
17:15:54.0354 0x144c  DcomLaunch - ok
17:15:54.0360 0x144c  DcpSvc - ok
17:15:54.0367 0x144c  defragsvc - ok
17:15:54.0373 0x144c  DeviceAssociationService - ok
17:15:54.0379 0x144c  DeviceInstall - ok
17:15:54.0385 0x144c  DevQueryBroker - ok
17:15:54.0391 0x144c  Dfsc - ok
17:15:54.0401 0x144c  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
17:15:54.0426 0x144c  dg_ssudbus - ok
17:15:54.0432 0x144c  Dhcp - ok
17:15:54.0439 0x144c  diagnosticshub.standardcollector.service - ok
17:15:54.0445 0x144c  DiagTrack - ok
17:15:54.0451 0x144c  disk - ok
17:15:54.0459 0x144c  DmEnrollmentSvc - ok
17:15:54.0465 0x144c  dmvsc - ok
17:15:54.0471 0x144c  dmwappushservice - ok
17:15:54.0476 0x144c  Dnscache - ok
17:15:54.0484 0x144c  dot3svc - ok
17:15:54.0490 0x144c  DPS - ok
17:15:54.0496 0x144c  drmkaud - ok
17:15:54.0502 0x144c  DsmSvc - ok
17:15:54.0508 0x144c  DsSvc - ok
17:15:54.0521 0x144c  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01    C:\WINDOWS\System32\drivers\dtsoftbus01.sys
17:15:54.0546 0x144c  dtsoftbus01 - ok
17:15:54.0552 0x144c  DXGKrnl - ok
17:15:54.0557 0x144c  EapHost - ok
17:15:54.0563 0x144c  ebdrv - ok
17:15:54.0568 0x144c  EFS - ok
17:15:54.0576 0x144c  EhStorClass - ok
17:15:54.0584 0x144c  EhStorTcgDrv - ok
17:15:54.0589 0x144c  embeddedmode - ok
17:15:54.0594 0x144c  EntAppSvc - ok
17:15:54.0601 0x144c  [ 9EAFB3B3B60B8AD958985152A9309ACA, EC58F487D50A125DA3F747670282EA2104580CCAAF709EA494B61C7549576AE6 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
17:15:54.0620 0x144c  epmntdrv - detected UnsignedFile.Multi.Generic ( 1 )
17:15:54.0718 0x144c  Detect skipped due to KSN trusted
17:15:54.0718 0x144c  epmntdrv - ok
17:15:54.0724 0x144c  ErrDev - ok
17:15:54.0732 0x144c  [ FB949ED2C93C878A189039F3D7730942, 857AFB9965F14C80C21948C05A44D37948BD206961101DFF087735D6A7CCAA8A ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
17:15:54.0751 0x144c  EuGdiDrv - detected UnsignedFile.Multi.Generic ( 1 )
17:15:54.0860 0x144c  Detect skipped due to KSN trusted
17:15:54.0860 0x144c  EuGdiDrv - ok
17:15:54.0868 0x144c  EventSystem - ok
17:15:54.0886 0x144c  [ CA2E486FE6212FFD5FD171AC1A0B17BE, 4534A8496C8044F4DF3573B4021391327BE3BED026BC5CD1A35A5708651A9E1D ] ewusbmbb        C:\WINDOWS\system32\DRIVERS\ewusbwwan.sys
17:15:54.0934 0x144c  ewusbmbb - ok
17:15:54.0943 0x144c  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev    C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
17:15:54.0980 0x144c  ew_hwusbdev - ok
17:15:54.0986 0x144c  exfat - ok
17:15:54.0992 0x144c  fastfat - ok
17:15:54.0998 0x144c  Fax - ok
17:15:55.0004 0x144c  fdc - ok
17:15:55.0011 0x144c  fdPHost - ok
17:15:55.0016 0x144c  FDResPub - ok
17:15:55.0023 0x144c  fhsvc - ok
17:15:55.0028 0x144c  FileCrypt - ok
17:15:55.0034 0x144c  FileInfo - ok
17:15:55.0040 0x144c  Filetrace - ok
17:15:55.0047 0x144c  flpydisk - ok
17:15:55.0052 0x144c  FltMgr - ok
17:15:55.0059 0x144c  FontCache - ok
17:15:55.0064 0x144c  FontCache3.0.0.0 - ok
17:15:55.0113 0x144c  [ B3A740CF5841D2087F2A8ACBAD9CA9AD, 587D966D8FF6A6704E8367B470B4F6CA5F6A29A25E960C718E9AB51899D53DD1 ] FoxitReaderService C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
17:15:55.0191 0x144c  FoxitReaderService - ok
17:15:55.0200 0x144c  FrameServer - ok
17:15:55.0206 0x144c  FsDepends - ok
17:15:55.0212 0x144c  Fs_Rec - ok
17:15:55.0219 0x144c  fvevol - ok
17:15:55.0227 0x144c  gencounter - ok
17:15:55.0233 0x144c  genericusbfn - ok
17:15:55.0239 0x144c  GPIOClx0101 - ok
17:15:55.0246 0x144c  gpsvc - ok
17:15:55.0251 0x144c  GpuEnergyDrv - ok
17:15:55.0262 0x144c  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:15:55.0284 0x144c  gupdate - ok
17:15:55.0291 0x144c  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:15:55.0310 0x144c  gupdatem - ok
17:15:55.0316 0x144c  HdAudAddService - ok
17:15:55.0321 0x144c  HDAudBus - ok
17:15:55.0329 0x144c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64        C:\WINDOWS\System32\drivers\HECIx64.sys
17:15:55.0348 0x144c  HECIx64 - ok
17:15:55.0354 0x144c  HidBatt - ok
17:15:55.0360 0x144c  HidBth - ok
17:15:55.0366 0x144c  hidi2c - ok
17:15:55.0375 0x144c  hidinterrupt - ok
17:15:55.0382 0x144c  HidIr - ok
17:15:55.0389 0x144c  hidserv - ok
17:15:55.0395 0x144c  HidUsb - ok
17:15:55.0401 0x144c  HomeGroupListener - ok
17:15:55.0407 0x144c  HomeGroupProvider - ok
17:15:55.0414 0x144c  HpSAMD - ok
17:15:55.0420 0x144c  HTTP - ok
17:15:55.0428 0x144c  [ 1642C62F1FD5E1FF44608283994A7BB8, 4646AA0EF74A2AEE6C17D12206FCFE1E84D6FA712AD95A171F16D11BC9D3F11A ] huawei_enumerator C:\WINDOWS\System32\drivers\ew_jubusenum.sys
17:15:55.0458 0x144c  huawei_enumerator - ok
17:15:55.0465 0x144c  HvHost - ok
17:15:55.0470 0x144c  hvservice - ok
17:15:55.0478 0x144c  HWDeviceService64.exe - ok
17:15:55.0485 0x144c  hwpolicy - ok
17:15:55.0494 0x144c  hyperkbd - ok
17:15:55.0500 0x144c  i8042prt - ok
17:15:55.0507 0x144c  iagpio - ok
17:15:55.0513 0x144c  iai2c - ok
17:15:55.0519 0x144c  iaLPSS2i_GPIO2 - ok
17:15:55.0526 0x144c  iaLPSS2i_I2C - ok
17:15:55.0532 0x144c  iaLPSSi_GPIO - ok
17:15:55.0539 0x144c  iaLPSSi_I2C - ok
17:15:55.0548 0x144c  iaStorAV - ok
17:15:55.0554 0x144c  iaStorV - ok
17:15:55.0561 0x144c  ibbus - ok
17:15:55.0567 0x144c  icssvc - ok
17:15:55.0573 0x144c  IKEEXT - ok
17:15:55.0584 0x144c  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd          C:\WINDOWS\System32\drivers\Impcd.sys
17:15:55.0620 0x144c  Impcd - ok
17:15:55.0625 0x144c  IndirectKmd - ok
17:15:55.0680 0x144c  [ 1A6241B70453A6629A83DB942AA6B08C, EF93785E20E18BF36F667E35F89BBF2A17C86F57E2D17D077F5031CE70E9DC9D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
17:15:55.0755 0x144c  IntcAzAudAddService - ok
17:15:55.0764 0x144c  intelide - ok
17:15:55.0770 0x144c  intelpep - ok
17:15:55.0776 0x144c  intelppm - ok
17:15:55.0782 0x144c  iorate - ok
17:15:55.0787 0x144c  IpFilterDriver - ok
17:15:55.0794 0x144c  iphlpsvc - ok
17:15:55.0800 0x144c  IPMIDRV - ok
17:15:55.0805 0x144c  IPNAT - ok
17:15:55.0811 0x144c  irda - ok
17:15:55.0818 0x144c  IRENUM - ok
17:15:55.0824 0x144c  irmon - ok
17:15:55.0830 0x144c  isapnp - ok
17:15:55.0836 0x144c  iScsiPrt - ok
17:15:55.0844 0x144c  [ 5678EC677028221EC5C815BCD07AB697, 02FD1A0290A9A17823D24A0E55D4AB35C3F939C986AB8BB54C6248287466FE0D ] jrdusbser      C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
17:15:55.0878 0x144c  jrdusbser - ok
17:15:55.0882 0x144c  Juqokchukity - ok
17:15:55.0890 0x144c  kbdclass - ok
17:15:55.0897 0x144c  kbdhid - ok
17:15:55.0903 0x144c  kdnic - ok
17:15:55.0910 0x144c  KeyIso - ok
17:15:55.0917 0x144c  KSecDD - ok
17:15:55.0924 0x144c  KSecPkg - ok
17:15:55.0930 0x144c  ksthunk - ok
17:15:55.0936 0x144c  KtmRm - ok
17:15:55.0943 0x144c  LanmanServer - ok
17:15:55.0949 0x144c  LanmanWorkstation - ok
17:15:55.0957 0x144c  lfsvc - ok
17:15:55.0963 0x144c  LicenseManager - ok
17:15:55.0969 0x144c  lltdio - ok
17:15:55.0976 0x144c  lltdsvc - ok
17:15:55.0982 0x144c  lmhosts - ok
17:15:55.0991 0x144c  LSI_SAS - ok
17:15:55.0997 0x144c  LSI_SAS2i - ok
17:15:56.0003 0x144c  LSI_SAS3i - ok
17:15:56.0010 0x144c  LSI_SSS - ok
17:15:56.0018 0x144c  LSM - ok
17:15:56.0024 0x144c  luafv - ok
17:15:56.0041 0x144c  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
17:15:56.0075 0x144c  LVRS64 - ok
17:15:56.0202 0x144c  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64        C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
17:15:56.0351 0x144c  LVUVC64 - ok
17:15:56.0366 0x144c  MapsBroker - ok
17:15:56.0378 0x144c  [ 3BEC6134F1E45AEF5E971F69F0D38510, 245D7CEEB6561166EE0472551D39A9D3CFDDA52A6BF2E924AB243CCA7FBC9009 ] MBAMChameleon  C:\WINDOWS\system32\drivers\MBAMChameleon.sys
17:15:56.0406 0x144c  MBAMChameleon - ok
17:15:56.0414 0x144c  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
17:15:56.0436 0x144c  MBAMProtection - ok
17:15:56.0557 0x144c  [ 28E521A6ABA9DE062A3719452816F495, B312A37DA052229DFB19353170CD5828582F8AC6426E857CA7C8ACA0DD91C160 ] MBAMService    C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
17:15:56.0711 0x144c  MBAMService - ok
17:15:56.0724 0x144c  megasas - ok
17:15:56.0730 0x144c  megasas2i - ok
17:15:56.0736 0x144c  megasr - ok
17:15:56.0742 0x144c  MessagingService - ok
17:15:56.0752 0x144c  mlx4_bus - ok
17:15:56.0758 0x144c  MMCSS - ok
17:15:56.0770 0x144c  [ 1CE0621B591913C12BECAA5B50E88BB2, 115068C57570140C9389BD923A4E68236ACEBB4F733DA09D05AEEDAD7317AB46 ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
17:15:56.0791 0x144c  Mobile Partner. RunOuc - ok
17:15:56.0797 0x144c  Modem - ok
17:15:56.0803 0x144c  monitor - ok
17:15:56.0810 0x144c  mouclass - ok
17:15:56.0816 0x144c  mouhid - ok
17:15:56.0821 0x144c  mountmgr - ok
17:15:56.0828 0x144c  mpsdrv - ok
17:15:56.0835 0x144c  MpsSvc - ok
17:15:56.0841 0x144c  MRxDAV - ok
17:15:56.0847 0x144c  mrxsmb - ok
17:15:56.0853 0x144c  mrxsmb10 - ok
17:15:56.0860 0x144c  mrxsmb20 - ok
17:15:56.0867 0x144c  MsBridge - ok
17:15:56.0874 0x144c  MSDTC - ok
17:15:56.0886 0x144c  Msfs - ok
17:15:56.0893 0x144c  msgpiowin32 - ok
17:15:56.0899 0x144c  mshidkmdf - ok
17:15:56.0906 0x144c  mshidumdf - ok
17:15:56.0912 0x144c  msisadrv - ok
17:15:56.0919 0x144c  MSiSCSI - ok
17:15:56.0925 0x144c  msiserver - ok
17:15:56.0931 0x144c  MSKSSRV - ok
17:15:56.0939 0x144c  MsLldp - ok
17:15:56.0945 0x144c  MSPCLOCK - ok
17:15:56.0952 0x144c  MSPQM - ok
17:15:56.0958 0x144c  MsRPC - ok
17:15:56.0967 0x144c  MsSecFlt - ok
17:15:56.0974 0x144c  mssmbios - ok
17:15:56.0980 0x144c  MSTEE - ok
17:15:56.0987 0x144c  MTConfig - ok
17:15:56.0993 0x144c  Mup - ok
17:15:56.0999 0x144c  mvumis - ok
17:15:57.0009 0x144c  NativeWifiP - ok
17:15:57.0035 0x144c  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
17:15:57.0075 0x144c  NAUpdate - ok
17:15:57.0083 0x144c  NcaSvc - ok
17:15:57.0089 0x144c  NcbService - ok
17:15:57.0102 0x144c  NcdAutoSetup - ok
17:15:57.0108 0x144c  ndfltr - ok
17:15:57.0114 0x144c  NDIS - ok
17:15:57.0121 0x144c  NdisCap - ok
17:15:57.0127 0x144c  NdisImPlatform - ok
17:15:57.0134 0x144c  NdisTapi - ok
17:15:57.0140 0x144c  Ndisuio - ok
17:15:57.0146 0x144c  NdisVirtualBus - ok
17:15:57.0153 0x144c  NdisWan - ok
17:15:57.0159 0x144c  ndiswanlegacy - ok
17:15:57.0165 0x144c  ndproxy - ok
17:15:57.0172 0x144c  Ndu - ok
17:15:57.0178 0x144c  NetAdapterCx - ok
17:15:57.0184 0x144c  NetBIOS - ok
17:15:57.0194 0x144c  NetBT - ok
17:15:57.0202 0x144c  Netlogon - ok
17:15:57.0209 0x144c  Netman - ok
17:15:57.0215 0x144c  netprofm - ok
17:15:57.0222 0x144c  NetSetupSvc - ok
17:15:57.0229 0x144c  NetTcpPortSharing - ok
17:15:57.0238 0x144c  NgcCtnrSvc - ok
17:15:57.0244 0x144c  NgcSvc - ok
17:15:57.0251 0x144c  NlaSvc - ok
17:15:57.0258 0x144c  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] npf            C:\WINDOWS\system32\drivers\npf.sys
17:15:57.0279 0x144c  npf - ok
17:15:57.0285 0x144c  Npfs - ok
17:15:57.0291 0x144c  npsvctrig - ok
17:15:57.0303 0x144c  nsi - ok
17:15:57.0317 0x144c  nsiproxy - ok
17:15:57.0334 0x144c  NTFS - ok
17:15:57.0341 0x144c  Null - ok
17:15:57.0351 0x144c  [ B01C1E6D7477961D6D1CBDCD44AF3E67, 407BD335FE7C87DFBD9EDE49BDD828263D8C8D25C8216FF04AC70320E74AE8B6 ] nusb3hub        C:\WINDOWS\System32\drivers\nusb3hub.sys
17:15:57.0374 0x144c  nusb3hub - ok
17:15:57.0383 0x144c  nvraid - ok
17:15:57.0389 0x144c  nvstor - ok
17:15:57.0397 0x144c  OneSyncSvc - ok
17:15:57.0410 0x144c  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:15:57.0441 0x144c  ose64 - ok
17:15:57.0450 0x144c  p2pimsvc - ok
17:15:57.0457 0x144c  p2psvc - ok
17:15:57.0465 0x144c  Parport - ok
17:15:57.0473 0x144c  partmgr - ok
17:15:57.0480 0x144c  PcaSvc - ok
17:15:57.0487 0x144c  pci - ok
17:15:57.0493 0x144c  pciide - ok
17:15:57.0499 0x144c  pcmcia - ok
17:15:57.0505 0x144c  pcw - ok
17:15:57.0511 0x144c  pdc - ok
17:15:57.0517 0x144c  PEAUTH - ok
17:15:57.0523 0x144c  PeerDistSvc - ok
17:15:57.0529 0x144c  percsas2i - ok
17:15:57.0535 0x144c  percsas3i - ok
17:15:57.0555 0x144c  PerfHost - ok
17:15:57.0568 0x144c  PhoneSvc - ok
17:15:57.0577 0x144c  PimIndexMaintenanceSvc - ok
17:15:57.0587 0x144c  pla - ok
17:15:57.0594 0x144c  PlugPlay - ok
17:15:57.0601 0x144c  PnkBstrA - ok
17:15:57.0606 0x144c  PnkBstrB - ok
17:15:57.0613 0x144c  PNRPAutoReg - ok
17:15:57.0619 0x144c  PNRPsvc - ok
17:15:57.0625 0x144c  PolicyAgent - ok
17:15:57.0634 0x144c  Power - ok
17:15:57.0640 0x144c  PptpMiniport - ok
17:15:57.0742 0x144c  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify    C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:15:57.0939 0x144c  PrintNotify - ok
17:15:57.0952 0x144c  Processor - ok
17:15:57.0965 0x144c  ProfSvc - ok
17:15:57.0972 0x144c  Psched - ok
17:15:57.0978 0x144c  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio        C:\Windows\system32\pwdrvio.sys
17:15:58.0012 0x144c  pwdrvio - ok
17:15:58.0018 0x144c  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio        C:\Windows\system32\pwdspio.sys
17:15:58.0047 0x144c  pwdspio - ok
17:15:58.0053 0x144c  QWAVE - ok
17:15:58.0059 0x144c  QWAVEdrv - ok
17:15:58.0065 0x144c  RasAcd - ok
17:15:58.0072 0x144c  RasAgileVpn - ok
17:15:58.0079 0x144c  RasAuto - ok
17:15:58.0085 0x144c  Rasl2tp - ok
17:15:58.0092 0x144c  RasMan - ok
17:15:58.0098 0x144c  RasPppoe - ok
17:15:58.0104 0x144c  RasSstp - ok
17:15:58.0111 0x144c  rdbss - ok
17:15:58.0121 0x144c  rdpbus - ok
17:15:58.0127 0x144c  RDPDR - ok
17:15:58.0140 0x144c  RdpVideoMiniport - ok
17:15:58.0146 0x144c  rdyboost - ok
17:15:58.0152 0x144c  ReFSv1 - ok
17:15:58.0162 0x144c  RemoteAccess - ok
17:15:58.0169 0x144c  RemoteRegistry - ok
17:15:58.0175 0x144c  RetailDemo - ok
17:15:58.0184 0x144c  [ 5CA4ABD888B602551B59BAA26941C167, F6FC0F828153E07EAFFAB6E11556DA23A5F6D9FC063E36947B1AC73E7E7E705E ] rimspci        C:\WINDOWS\System32\drivers\rimssne64.sys
17:15:58.0218 0x144c  rimspci - ok
17:15:58.0227 0x144c  [ BB6E138AEB351728959DA5E2731D8140, E6656869A03380EB96A31E4E5FF4D565916EB0A7ED334330D2DD039390441D15 ] risdsnpe        C:\WINDOWS\System32\drivers\risdsne64.sys
17:15:58.0257 0x144c  risdsnpe - ok
17:15:58.0263 0x144c  RmSvc - ok
17:15:58.0269 0x144c  RpcEptMapper - ok
17:15:58.0276 0x144c  RpcLocator - ok
17:15:58.0283 0x144c  RpcSs - ok
17:15:58.0290 0x144c  rspndr - ok
17:15:58.0302 0x144c  [ 7421A35C45484B95E83B5E9E107CEFC2, 128BB6A7552B9D57284056FB8946A6FE3C620F7B706F709F896828304A6FCD77 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMIVX.sys
17:15:58.0326 0x144c  RTHDMIAzAudService - ok
17:15:58.0332 0x144c  s3cap - ok
17:15:58.0351 0x144c  SamSs - ok
17:15:58.0357 0x144c  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:15:58.0374 0x144c  SASDIFSV - ok
17:15:58.0378 0x144c  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:15:58.0395 0x144c  SASKUTIL - ok
17:15:58.0401 0x144c  sbp2port - ok
17:15:58.0408 0x144c  SCardSvr - ok
17:15:58.0414 0x144c  ScDeviceEnum - ok
17:15:58.0420 0x144c  scfilter - ok
17:15:58.0438 0x144c  Schedule - ok
17:15:58.0451 0x144c  scmbus - ok
17:15:58.0458 0x144c  scmdisk0101 - ok
17:15:58.0464 0x144c  SCPolicySvc - ok
17:15:58.0472 0x144c  sdbus - ok
17:15:58.0479 0x144c  SDRSVC - ok
17:15:58.0486 0x144c  sdstor - ok
17:15:58.0492 0x144c  seclogon - ok
17:15:58.0498 0x144c  SENS - ok
17:15:58.0504 0x144c  Sense - ok
17:15:58.0512 0x144c  SensorDataService - ok
17:15:58.0519 0x144c  SensorService - ok
17:15:58.0526 0x144c  SensrSvc - ok
17:15:58.0532 0x144c  SerCx - ok
17:15:58.0540 0x144c  SerCx2 - ok
17:15:58.0553 0x144c  Serenum - ok
17:15:58.0565 0x144c  Serial - ok
17:15:58.0578 0x144c  sermouse - ok
17:15:58.0602 0x144c  SessionEnv - ok
17:15:58.0608 0x144c  [ 70F9C476B62DE4F2823E918A6C181ADE, E1A641418A6CB4FA38BB29B86934838B28D8909B8066E5089D85BF72FD61F4C4 ] SFEP            C:\WINDOWS\System32\drivers\SFEP.sys
17:15:58.0634 0x144c  SFEP - ok
17:15:58.0639 0x144c  sfloppy - ok
17:15:58.0647 0x144c  SharedAccess - ok
17:15:58.0653 0x144c  ShellHWDetection - ok
17:15:58.0660 0x144c  shpamsvc - ok
17:15:58.0667 0x144c  SiSRaid2 - ok
17:15:58.0673 0x144c  SiSRaid4 - ok
17:15:58.0687 0x144c  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:15:58.0722 0x144c  SkypeUpdate - ok
17:15:58.0728 0x144c  smphost - ok
17:15:58.0736 0x144c  SmsRouter - ok
17:15:58.0749 0x144c  SNMPTRAP - ok
17:15:58.0755 0x144c  spaceport - ok
17:15:58.0761 0x144c  Sparhandy_Germany Silverstone Modem Device Helper - ok
17:15:58.0768 0x144c  SpbCx - ok
17:15:58.0786 0x144c  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
17:15:58.0821 0x144c  speedfan - ok
17:15:58.0827 0x144c  Spooler - ok
17:15:58.0834 0x144c  sppsvc - ok
17:15:58.0840 0x144c  srv - ok
17:15:58.0847 0x144c  srv2 - ok
17:15:58.0854 0x144c  srvnet - ok
17:15:58.0861 0x144c  SSDPSRV - ok
17:15:58.0868 0x144c  SstpSvc - ok
17:15:58.0881 0x144c  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm        C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
17:15:58.0904 0x144c  ssudmdm - ok
17:15:58.0911 0x144c  StateRepository - ok
17:15:58.0918 0x144c  stexstor - ok
17:15:58.0924 0x144c  stisvc - ok
17:15:58.0931 0x144c  storahci - ok
17:15:58.0938 0x144c  storflt - ok
17:15:58.0944 0x144c  stornvme - ok
17:15:58.0951 0x144c  storqosflt - ok
17:15:58.0958 0x144c  StorSvc - ok
17:15:58.0964 0x144c  storufs - ok
17:15:58.0971 0x144c  storvsc - ok
17:15:58.0977 0x144c  svsvc - ok
17:15:58.0984 0x144c  swenum - ok
17:15:58.0991 0x144c  swprv - ok
17:15:58.0997 0x144c  Synth3dVsc - ok
17:15:59.0004 0x144c  SysMain - ok
17:15:59.0011 0x144c  SystemEventsBroker - ok
17:15:59.0018 0x144c  TabletInputService - ok
17:15:59.0026 0x144c  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901        C:\WINDOWS\System32\drivers\tap0901.sys
17:15:59.0050 0x144c  tap0901 - ok
17:15:59.0056 0x144c  TapiSrv - ok
17:15:59.0063 0x144c  Tcpip - ok
17:15:59.0069 0x144c  Tcpip6 - ok
17:15:59.0078 0x144c  tcpipreg - ok
17:15:59.0088 0x144c  tdx - ok
17:15:59.0094 0x144c  terminpt - ok
17:15:59.0101 0x144c  TermService - ok
17:15:59.0107 0x144c  Themes - ok
17:15:59.0113 0x144c  TieringEngineService - ok
17:15:59.0120 0x144c  tiledatamodelsvc - ok
17:15:59.0126 0x144c  TimeBrokerSvc - ok
17:15:59.0133 0x144c  TPM - ok
17:15:59.0140 0x144c  TrkWks - ok
17:15:59.0146 0x144c  TrustedInstaller - ok
17:15:59.0155 0x144c  tsusbflt - ok
17:15:59.0162 0x144c  TsUsbGD - ok
17:15:59.0169 0x144c  tsusbhub - ok
17:15:59.0175 0x144c  tunnel - ok
17:15:59.0181 0x144c  tzautoupdate - ok
17:15:59.0188 0x144c  UASPStor - ok
17:15:59.0196 0x144c  [ 209F5CEAAAFE601851E7B40902FC230D, B7BFD753DF9EA1AD6D6BD8FB47F24E79FA84208E7A66C88B934C3A13B087901D ] ucdrv          C:\WINDOWS\System32\drivers:ucdrv-x64.sys
17:15:59.0217 0x144c  Suspicious file ( Hidden ): C:\WINDOWS\System32\drivers:ucdrv-x64.sys. md5: 209F5CEAAAFE601851E7B40902FC230D, sha256: B7BFD753DF9EA1AD6D6BD8FB47F24E79FA84208E7A66C88B934C3A13B087901D
17:15:59.0217 0x144c  ucdrv - detected HiddenFile.Multi.Generic ( 1 )
17:15:59.0333 0x144c  Detect skipped due to KSN trusted
17:15:59.0333 0x144c  ucdrv - ok
17:15:59.0338 0x144c  UcmCx0101 - ok
17:15:59.0346 0x144c  UcmTcpciCx0101 - ok
17:15:59.0352 0x144c  UcmUcsi - ok
17:15:59.0358 0x144c  Ucx01000 - ok
17:15:59.0365 0x144c  UdeCx - ok
17:15:59.0371 0x144c  udfs - ok
17:15:59.0378 0x144c  UEFI - ok
17:15:59.0385 0x144c  UevAgentDriver - ok
17:15:59.0392 0x144c  UevAgentService - ok
17:15:59.0398 0x144c  Ufx01000 - ok
17:15:59.0404 0x144c  UfxChipidea - ok
17:15:59.0411 0x144c  ufxsynopsys - ok
17:15:59.0424 0x144c  UI0Detect - ok
17:15:59.0430 0x144c  umbus - ok
17:15:59.0436 0x144c  UmPass - ok
17:15:59.0443 0x144c  UmRdpService - ok
17:15:59.0450 0x144c  UnistoreSvc - ok
17:15:59.0460 0x144c  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
17:15:59.0478 0x144c  UnlockerDriver5 - ok
17:15:59.0485 0x144c  upnphost - ok
17:15:59.0491 0x144c  UrsChipidea - ok
17:15:59.0498 0x144c  UrsCx01000 - ok
17:15:59.0505 0x144c  UrsSynopsys - ok
17:15:59.0529 0x144c  [ 55020D37C29F05D583A76F20127B4FD7, 9BFB5F16D5C15ADF3ECB8769B66F443250497F6A2F58FA74954EC64EF2F6C33E ] USB28xxBGA      C:\WINDOWS\system32\DRIVERS\emBDA64.sys
17:15:59.0596 0x144c  USB28xxBGA - ok
17:15:59.0606 0x144c  [ D7940283C43E440FCF83AB55B85689C9, C41DD0E5CE66328694047FF468BBBB3D35FBB9CB41A249202A05DB411EFEEFB1 ] USB28xxOEM      C:\WINDOWS\system32\DRIVERS\emOEM64.sys
17:15:59.0636 0x144c  USB28xxOEM - ok
17:15:59.0643 0x144c  usbaudio - ok
17:15:59.0650 0x144c  usbccgp - ok
17:15:59.0656 0x144c  usbcir - ok
17:15:59.0663 0x144c  usbehci - ok
17:15:59.0670 0x144c  usbhub - ok
17:15:59.0677 0x144c  USBHUB3 - ok
17:15:59.0685 0x144c  usbohci - ok
17:15:59.0692 0x144c  usbprint - ok
17:15:59.0698 0x144c  usbscan - ok
17:15:59.0705 0x144c  usbser - ok
17:15:59.0712 0x144c  USBSTOR - ok
17:15:59.0719 0x144c  usbuhci - ok
17:15:59.0726 0x144c  usbvideo - ok
17:15:59.0733 0x144c  USBXHCI - ok
17:15:59.0741 0x144c  UserDataSvc - ok
17:15:59.0752 0x144c  UserManager - ok
17:15:59.0759 0x144c  UsoSvc - ok
17:15:59.0766 0x144c  VaultSvc - ok
17:15:59.0773 0x144c  vdrvroot - ok
17:15:59.0780 0x144c  vds - ok
17:15:59.0787 0x144c  VerifierExt - ok
17:15:59.0794 0x144c  vhdmp - ok
17:15:59.0802 0x144c  vhf - ok
17:15:59.0809 0x144c  vmbus - ok
17:15:59.0816 0x144c  VMBusHID - ok
17:15:59.0824 0x144c  vmgid - ok
17:15:59.0831 0x144c  vmicguestinterface - ok
17:15:59.0838 0x144c  vmicheartbeat - ok
17:15:59.0844 0x144c  vmickvpexchange - ok
17:15:59.0852 0x144c  vmicrdv - ok
17:15:59.0858 0x144c  vmicshutdown - ok
17:15:59.0865 0x144c  vmictimesync - ok
17:15:59.0872 0x144c  vmicvmsession - ok
17:15:59.0879 0x144c  vmicvss - ok
17:15:59.0886 0x144c  volmgr - ok
17:15:59.0893 0x144c  volmgrx - ok
17:15:59.0901 0x144c  volsnap - ok
17:15:59.0908 0x144c  volume - ok
17:15:59.0915 0x144c  vpci - ok
17:15:59.0922 0x144c  vsmraid - ok
17:15:59.0929 0x144c  VSS - ok
17:15:59.0936 0x144c  VSTXRAID - ok
17:15:59.0943 0x144c  vwifibus - ok
17:15:59.0950 0x144c  vwififlt - ok
17:15:59.0957 0x144c  vwifimp - ok
17:15:59.0965 0x144c  W32Time - ok
17:15:59.0971 0x144c  WacomPen - ok
17:15:59.0979 0x144c  WalletService - ok
17:15:59.0986 0x144c  wanarp - ok
17:15:59.0993 0x144c  wanarpv6 - ok
17:16:00.0000 0x144c  wbengine - ok
17:16:00.0008 0x144c  WbioSrvc - ok
17:16:00.0015 0x144c  wcifs - ok
17:16:00.0022 0x144c  Wcmsvc - ok
17:16:00.0029 0x144c  wcncsvc - ok
17:16:00.0036 0x144c  wcnfs - ok
17:16:00.0044 0x144c  WdBoot - ok
17:16:00.0052 0x144c  Wdf01000 - ok
17:16:00.0059 0x144c  WdFilter - ok
17:16:00.0066 0x144c  WdiServiceHost - ok
17:16:00.0072 0x144c  WdiSystemHost - ok
17:16:00.0079 0x144c  wdiwifi - ok
17:16:00.0086 0x144c  WdNisDrv - ok
17:16:00.0092 0x144c  WdNisSvc - ok
17:16:00.0099 0x144c  WebClient - ok
17:16:00.0106 0x144c  Wecsvc - ok
17:16:00.0112 0x144c  WEPHOSTSVC - ok
17:16:00.0120 0x144c  wercplsupport - ok
17:16:00.0129 0x144c  WerSvc - ok
17:16:00.0135 0x144c  WFPLWFS - ok
17:16:00.0142 0x144c  WiaRpc - ok
17:16:00.0149 0x144c  WIMMount - ok
17:16:00.0154 0x144c  WinDefend - ok
17:16:00.0169 0x144c  WindowsTrustedRT - ok
17:16:00.0176 0x144c  WindowsTrustedRTProxy - ok
17:16:00.0183 0x144c  WinHttpAutoProxySvc - ok
17:16:00.0191 0x144c  WinMad - ok
17:16:00.0199 0x144c  Winmgmt - ok
17:16:00.0206 0x144c  WinRM - ok
17:16:00.0219 0x144c  WINUSB - ok
17:16:00.0225 0x144c  WinVerbs - ok
17:16:00.0232 0x144c  wisvc - ok
17:16:00.0239 0x144c  WlanSvc - ok
17:16:00.0247 0x144c  wlidsvc - ok
17:16:00.0253 0x144c  WmiAcpi - ok
17:16:00.0263 0x144c  wmiApSrv - ok
17:16:00.0269 0x144c  WMPNetworkSvc - ok
17:16:00.0277 0x144c  Wof - ok
17:16:00.0287 0x144c  workfolderssvc - ok
17:16:00.0294 0x144c  WPDBusEnum - ok
17:16:00.0301 0x144c  WpdUpFltr - ok
17:16:00.0308 0x144c  WpnService - ok
17:16:00.0315 0x144c  WpnUserService - ok
17:16:00.0326 0x144c  ws2ifsl - ok
17:16:00.0333 0x144c  wscsvc - ok
17:16:00.0339 0x144c  WSearch - ok
17:16:00.0350 0x144c  wuauserv - ok
17:16:00.0357 0x144c  WudfPf - ok
17:16:00.0364 0x144c  WUDFRd - ok
17:16:00.0371 0x144c  wudfsvc - ok
17:16:00.0380 0x144c  WUDFWpdFs - ok
17:16:00.0387 0x144c  WUDFWpdMtp - ok
17:16:00.0394 0x144c  WwanSvc - ok
17:16:00.0401 0x144c  XblAuthManager - ok
17:16:00.0408 0x144c  XblGameSave - ok
17:16:00.0415 0x144c  xboxgip - ok
17:16:00.0422 0x144c  XboxNetApiSvc - ok
17:16:00.0429 0x144c  xinputhid - ok
17:16:00.0440 0x144c  ykinw8 - ok
17:16:00.0441 0x144c  ================ Scan global ===============================
17:16:00.0462 0x144c  [ Global ] - ok
17:16:00.0463 0x144c  ================ Scan MBR ==================================
17:16:00.0466 0x144c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:16:00.0568 0x144c  \Device\Harddisk0\DR0 - ok
17:16:00.0631 0x144c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:16:00.0768 0x144c  \Device\Harddisk1\DR1 - ok
17:16:00.0773 0x144c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
17:16:00.0850 0x144c  \Device\Harddisk4\DR4 - ok
17:16:00.0851 0x144c  ================ Scan VBR ==================================
17:16:00.0854 0x144c  [ B75D89CA6D84C3CB1A6CA73A56716F49 ] \Device\Harddisk0\DR0\Partition1
17:16:00.0856 0x144c  \Device\Harddisk0\DR0\Partition1 - ok
17:16:00.0859 0x144c  [ BF802D8035F06A0BA68F026159CA8763 ] \Device\Harddisk1\DR1\Partition1
17:16:00.0862 0x144c  \Device\Harddisk1\DR1\Partition1 - ok
17:16:00.0865 0x144c  [ 55D863E4CA2B9A5E1BB7A9B572FDDD70 ] \Device\Harddisk4\DR4\Partition1
17:16:00.0867 0x144c  \Device\Harddisk4\DR4\Partition1 - ok
17:16:00.0868 0x144c  ================ Scan generic autorun ======================
17:16:01.0085 0x144c  [ 5229C2546E151D368A1CE0E451351231, 2E421986933D70789665195A92D2A9022500E9382B2881881B741F0023D6422E ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:16:01.0333 0x144c  RtHDVCpl - ok
17:16:01.0353 0x144c  [ 5677C8C60F4659E8626AC9036EEF38DF, 1C7D3EC3BCB3E34900DD9556A3EBAF449C68585DC8E07682E680790497105B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
17:16:01.0377 0x144c  Classic Start Menu - ok
17:16:01.0385 0x144c  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
17:16:01.0404 0x144c  NUSB3MON - ok
17:16:01.0414 0x144c  [ CD0362AEE36CFE1EF5DF973230742E67, 9F1D8AD4E09D16C39CD6A35CB298456468C1808226FFA8AD65BF9562A6ECC07D ] C:\Program Files (x86)\PDF24\pdf24.exe
17:16:01.0441 0x144c  PDFPrint - ok
17:16:01.0447 0x144c  [ B69B3F28C5DB496202C88F5A181640AC, 6ECD6DCFE27A043457BA910289849534ED9D173856DAF694687366E1A2C7A135 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
17:16:01.0465 0x144c  Avira SystrayStartTrigger - ok
17:16:01.0479 0x144c  OneDriveSetup - ok
17:16:01.0482 0x144c  OneDriveSetup - ok
17:16:01.0502 0x144c  [ 7D0F245088942BCB888A0AC149A6F378, 20B8145FC6988DB195E7E153FB8CA20DDE39CFC540AC5DC9BC1E91497E3ACC92 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE
17:16:01.0540 0x144c  EPSON Stylus Office BX300F - ok
17:16:01.0672 0x144c  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
17:16:01.0827 0x144c  DAEMON Tools Lite - ok
17:16:01.0833 0x144c  Waiting for KSN requests completion. In queue: 51
17:16:02.0866 0x144c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
17:16:02.0870 0x144c  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.134 ), 0x60000 ( disabled : updated )
17:16:02.0880 0x144c  Win FW state via NFP2: enabled ( trusted )
17:16:02.0982 0x144c  ============================================================
17:16:02.0982 0x144c  Scan finished
17:16:02.0982 0x144c  ============================================================
17:16:02.0993 0x1754  Detected object count: 0
17:16:02.0993 0x1754  Actual detected object count: 0
17:16:35.0469 0x0fd4  ============================================================
17:16:35.0469 0x0fd4  Scan started
17:16:35.0469 0x0fd4  Mode: Manual; SigCheck; TDLFS;
17:16:35.0469 0x0fd4  ============================================================
17:16:35.0469 0x0fd4  KSN ping started
17:16:35.0548 0x0fd4  KSN ping finished: true
17:16:36.0438 0x0fd4  ================ Scan system memory ========================
17:16:36.0438 0x0fd4  System memory - ok
17:16:36.0438 0x0fd4  ================ Scan services =============================
17:16:36.0454 0x0fd4  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:16:36.0470 0x0fd4  !SASCORE - ok
17:16:36.0516 0x0fd4  1394ohci - ok
17:16:36.0516 0x0fd4  3ware - ok
17:16:36.0532 0x0fd4  ACPI - ok
17:16:36.0532 0x0fd4  AcpiDev - ok
17:16:36.0548 0x0fd4  acpiex - ok
17:16:36.0548 0x0fd4  acpipagr - ok
17:16:36.0548 0x0fd4  AcpiPmi - ok
17:16:36.0563 0x0fd4  acpitime - ok
17:16:36.0563 0x0fd4  ADP80XX - ok
17:16:36.0579 0x0fd4  AFD - ok
17:16:36.0579 0x0fd4  ahcache - ok
17:16:36.0579 0x0fd4  AJRouter - ok
17:16:36.0595 0x0fd4  [ 808820DEF092FA0A6D93BAE3E5D069CD, D1F49B6D99E346242EF6A9C37D2EC9333411FBDB031BE87FE0F8CDFEC545DD89 ] AlcatelOTnet    C:\WINDOWS\system32\DRIVERS\AlcatelOTUsbnet.sys
17:16:36.0626 0x0fd4  AlcatelOTnet - ok
17:16:36.0626 0x0fd4  ALG - ok
17:16:36.0641 0x0fd4  [ D7A72B9BA6AB996DADB37BFCB0363D63, A223684978928B59D39DFB49F6658E0CF04ADD15AD8ACFCEC384DBD4D8C8CBCA ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
17:16:36.0673 0x0fd4  AMD External Events Utility - ok
17:16:36.0673 0x0fd4  AmdK8 - ok
17:16:36.0688 0x0fd4  [ 83ADF64C5BEAC0A065D7D2811E9A79CA, C724DC6EC9CB0E93DC034054FFB79284E70502FA155EFF624E112243F6C8D8E8 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
17:16:36.0688 0x0fd4  amdkmafd - ok
17:16:36.0704 0x0fd4  amdkmdag - ok
17:16:36.0720 0x0fd4  [ C14D7E5F24381BC8F333C4EB77892400, 8B8EF49D2398AF39E36EFFE6D1E0489727D5612DEFA43C71E3C7E4C0650010A5 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
17:16:36.0766 0x0fd4  amdkmdap - ok
17:16:36.0766 0x0fd4  AmdPPM - ok
17:16:36.0782 0x0fd4  amdsata - ok
17:16:36.0782 0x0fd4  amdsbs - ok
17:16:36.0782 0x0fd4  amdxata - ok
17:16:36.0798 0x0fd4  AppID - ok
17:16:36.0798 0x0fd4  AppIDSvc - ok
17:16:36.0813 0x0fd4  Appinfo - ok
17:16:36.0813 0x0fd4  applockerfltr - ok
17:16:36.0813 0x0fd4  AppMgmt - ok
17:16:36.0829 0x0fd4  AppReadiness - ok
17:16:36.0829 0x0fd4  AppVClient - ok
17:16:36.0829 0x0fd4  AppvStrm - ok
17:16:36.0845 0x0fd4  AppvVemgr - ok
17:16:36.0845 0x0fd4  AppvVfs - ok
17:16:36.0845 0x0fd4  AppXSvc - ok
17:16:36.0860 0x0fd4  arcsas - ok
17:16:36.0860 0x0fd4  AsyncMac - ok
17:16:36.0860 0x0fd4  atapi - ok
17:16:36.0876 0x0fd4  athr - ok
17:16:36.0876 0x0fd4  AudioEndpointBuilder - ok
17:16:36.0891 0x0fd4  Audiosrv - ok
17:16:36.0907 0x0fd4  [ 14FCA1D1720A68C2D586940ABBE2DB3C, 274DB01CFD3024357602748FE36882ACE6BB3764A9FB62B2B40F9232B84A9B3E ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
17:16:36.0923 0x0fd4  Avira.ServiceHost - ok
17:16:36.0938 0x0fd4  AxInstSV - ok
17:16:36.0938 0x0fd4  b06bdrv - ok
17:16:36.0938 0x0fd4  BasicDisplay - ok
17:16:36.0954 0x0fd4  BasicRender - ok
17:16:36.0954 0x0fd4  bcmfn - ok
17:16:36.0970 0x0fd4  bcmfn2 - ok
17:16:36.0970 0x0fd4  BDESVC - ok
17:16:36.0970 0x0fd4  Beep - ok
17:16:36.0985 0x0fd4  BFE - ok
17:16:36.0985 0x0fd4  BITS - ok
17:16:36.0985 0x0fd4  bowser - ok
17:16:37.0001 0x0fd4  BrokerInfrastructure - ok
17:16:37.0001 0x0fd4  Browser - ok
17:16:37.0001 0x0fd4  BthAvrcpTg - ok
17:16:37.0016 0x0fd4  BthHFEnum - ok
17:16:37.0016 0x0fd4  bthhfhid - ok
17:16:37.0016 0x0fd4  BthHFSrv - ok
17:16:37.0032 0x0fd4  BTHMODEM - ok
17:16:37.0032 0x0fd4  bthserv - ok
17:16:37.0048 0x0fd4  buttonconverter - ok
17:16:37.0048 0x0fd4  CapImg - ok
17:16:37.0048 0x0fd4  cdfs - ok
17:16:37.0063 0x0fd4  CDPSvc - ok
17:16:37.0063 0x0fd4  CDPUserSvc - ok
17:16:37.0063 0x0fd4  cdrom - ok
17:16:37.0079 0x0fd4  CertPropSvc - ok
17:16:37.0079 0x0fd4  cht4iscsi - ok
17:16:37.0095 0x0fd4  cht4vbd - ok
17:16:37.0095 0x0fd4  circlass - ok
17:16:37.0095 0x0fd4  CLFS - ok
17:16:37.0110 0x0fd4  ClipSVC - ok
17:16:37.0110 0x0fd4  clreg - ok
17:16:37.0126 0x0fd4  CmBatt - ok
17:16:37.0126 0x0fd4  CNG - ok
17:16:37.0141 0x0fd4  cnghwassist - ok
17:16:37.0157 0x0fd4  CompositeBus - ok
17:16:37.0157 0x0fd4  COMSysApp - ok
17:16:37.0157 0x0fd4  condrv - ok
17:16:37.0173 0x0fd4  CoreMessagingRegistrar - ok
17:16:37.0173 0x0fd4  CryptSvc - ok
17:16:37.0188 0x0fd4  CSC - ok
17:16:37.0188 0x0fd4  CscService - ok
17:16:37.0188 0x0fd4  dam - ok
17:16:37.0204 0x0fd4  DcomLaunch - ok
17:16:37.0204 0x0fd4  DcpSvc - ok
17:16:37.0220 0x0fd4  defragsvc - ok
17:16:37.0220 0x0fd4  DeviceAssociationService - ok
17:16:37.0220 0x0fd4  DeviceInstall - ok
17:16:37.0235 0x0fd4  DevQueryBroker - ok
17:16:37.0235 0x0fd4  Dfsc - ok
17:16:37.0251 0x0fd4  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
17:16:37.0266 0x0fd4  dg_ssudbus - ok
17:16:37.0266 0x0fd4  Dhcp - ok
17:16:37.0282 0x0fd4  diagnosticshub.standardcollector.service - ok
17:16:37.0282 0x0fd4  DiagTrack - ok
17:16:37.0282 0x0fd4  disk - ok
17:16:37.0298 0x0fd4  DmEnrollmentSvc - ok
17:16:37.0298 0x0fd4  dmvsc - ok
17:16:37.0313 0x0fd4  dmwappushservice - ok
17:16:37.0313 0x0fd4  Dnscache - ok
17:16:37.0313 0x0fd4  dot3svc - ok
17:16:37.0329 0x0fd4  DPS - ok
17:16:37.0329 0x0fd4  drmkaud - ok
17:16:37.0329 0x0fd4  DsmSvc - ok
17:16:37.0345 0x0fd4  DsSvc - ok
17:16:37.0360 0x0fd4  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01    C:\WINDOWS\System32\drivers\dtsoftbus01.sys
17:16:37.0376 0x0fd4  dtsoftbus01 - ok
17:16:37.0376 0x0fd4  DXGKrnl - ok
17:16:37.0391 0x0fd4  EapHost - ok
17:16:37.0391 0x0fd4  ebdrv - ok
17:16:37.0391 0x0fd4  EFS - ok
17:16:37.0407 0x0fd4  EhStorClass - ok
17:16:37.0407 0x0fd4  EhStorTcgDrv - ok
17:16:37.0423 0x0fd4  embeddedmode - ok
17:16:37.0423 0x0fd4  EntAppSvc - ok
17:16:37.0423 0x0fd4  [ 9EAFB3B3B60B8AD958985152A9309ACA, EC58F487D50A125DA3F747670282EA2104580CCAAF709EA494B61C7549576AE6 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
17:16:37.0438 0x0fd4  epmntdrv - detected UnsignedFile.Multi.Generic ( 1 )
17:16:37.0438 0x0fd4  Detect skipped due to KSN trusted
17:16:37.0438 0x0fd4  epmntdrv - ok
17:16:37.0454 0x0fd4  ErrDev - ok
17:16:37.0454 0x0fd4  [ FB949ED2C93C878A189039F3D7730942, 857AFB9965F14C80C21948C05A44D37948BD206961101DFF087735D6A7CCAA8A ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
17:16:37.0470 0x0fd4  EuGdiDrv - detected UnsignedFile.Multi.Generic ( 1 )
17:16:37.0470 0x0fd4  Detect skipped due to KSN trusted
17:16:37.0470 0x0fd4  EuGdiDrv - ok
17:16:37.0485 0x0fd4  EventSystem - ok
17:16:37.0501 0x0fd4  [ CA2E486FE6212FFD5FD171AC1A0B17BE, 4534A8496C8044F4DF3573B4021391327BE3BED026BC5CD1A35A5708651A9E1D ] ewusbmbb        C:\WINDOWS\system32\DRIVERS\ewusbwwan.sys
17:16:37.0532 0x0fd4  ewusbmbb - ok
17:16:37.0532 0x0fd4  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev    C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
17:16:37.0563 0x0fd4  ew_hwusbdev - ok
17:16:37.0563 0x0fd4  exfat - ok
17:16:37.0563 0x0fd4  fastfat - ok
17:16:37.0579 0x0fd4  Fax - ok
17:16:37.0579 0x0fd4  fdc - ok
17:16:37.0595 0x0fd4  fdPHost - ok
17:16:37.0595 0x0fd4  FDResPub - ok
17:16:37.0595 0x0fd4  fhsvc - ok
17:16:37.0610 0x0fd4  FileCrypt - ok
17:16:37.0610 0x0fd4  FileInfo - ok
17:16:37.0610 0x0fd4  Filetrace - ok
17:16:37.0626 0x0fd4  flpydisk - ok
17:16:37.0626 0x0fd4  FltMgr - ok
17:16:37.0626 0x0fd4  FontCache - ok
17:16:37.0641 0x0fd4  FontCache3.0.0.0 - ok
17:16:37.0673 0x0fd4  [ B3A740CF5841D2087F2A8ACBAD9CA9AD, 587D966D8FF6A6704E8367B470B4F6CA5F6A29A25E960C718E9AB51899D53DD1 ] FoxitReaderService C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
17:16:37.0735 0x0fd4  FoxitReaderService - ok
17:16:37.0735 0x0fd4  FrameServer - ok
17:16:37.0735 0x0fd4  FsDepends - ok
17:16:37.0751 0x0fd4  Fs_Rec - ok
17:16:37.0751 0x0fd4  fvevol - ok
17:16:37.0766 0x0fd4  gencounter - ok
17:16:37.0766 0x0fd4  genericusbfn - ok
17:16:37.0766 0x0fd4  GPIOClx0101 - ok
17:16:37.0782 0x0fd4  gpsvc - ok
17:16:37.0782 0x0fd4  GpuEnergyDrv - ok
17:16:37.0782 0x0fd4  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:37.0813 0x0fd4  gupdate - ok
17:16:37.0813 0x0fd4  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:37.0829 0x0fd4  gupdatem - ok
17:16:37.0829 0x0fd4  HdAudAddService - ok
17:16:37.0845 0x0fd4  HDAudBus - ok
17:16:37.0845 0x0fd4  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64        C:\WINDOWS\System32\drivers\HECIx64.sys
17:16:37.0860 0x0fd4  HECIx64 - ok
17:16:37.0860 0x0fd4  HidBatt - ok
17:16:37.0876 0x0fd4  HidBth - ok
17:16:37.0876 0x0fd4  hidi2c - ok
17:16:37.0891 0x0fd4  hidinterrupt - ok
17:16:37.0891 0x0fd4  HidIr - ok
17:16:37.0891 0x0fd4  hidserv - ok
17:16:37.0907 0x0fd4  HidUsb - ok
17:16:37.0907 0x0fd4  HomeGroupListener - ok
17:16:37.0907 0x0fd4  HomeGroupProvider - ok
17:16:37.0923 0x0fd4  HpSAMD - ok
17:16:37.0923 0x0fd4  HTTP - ok
17:16:37.0938 0x0fd4  [ 1642C62F1FD5E1FF44608283994A7BB8, 4646AA0EF74A2AEE6C17D12206FCFE1E84D6FA712AD95A171F16D11BC9D3F11A ] huawei_enumerator C:\WINDOWS\System32\drivers\ew_jubusenum.sys
17:16:37.0954 0x0fd4  huawei_enumerator - ok
17:16:37.0954 0x0fd4  HvHost - ok
17:16:37.0970 0x0fd4  hvservice - ok
17:16:37.0970 0x0fd4  HWDeviceService64.exe - ok
17:16:37.0985 0x0fd4  hwpolicy - ok
17:16:37.0985 0x0fd4  hyperkbd - ok
17:16:38.0001 0x0fd4  i8042prt - ok
17:16:38.0001 0x0fd4  iagpio - ok
17:16:38.0001 0x0fd4  iai2c - ok
17:16:38.0016 0x0fd4  iaLPSS2i_GPIO2 - ok
17:16:38.0016 0x0fd4  iaLPSS2i_I2C - ok
17:16:38.0016 0x0fd4  iaLPSSi_GPIO - ok
17:16:38.0016 0x0fd4  iaLPSSi_I2C - ok
17:16:38.0032 0x0fd4  iaStorAV - ok
17:16:38.0032 0x0fd4  iaStorV - ok
17:16:38.0048 0x0fd4  ibbus - ok
17:16:38.0048 0x0fd4  icssvc - ok
17:16:38.0048 0x0fd4  IKEEXT - ok
17:16:38.0063 0x0fd4  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd          C:\WINDOWS\System32\drivers\Impcd.sys
17:16:38.0095 0x0fd4  Impcd - ok
17:16:38.0095 0x0fd4  IndirectKmd - ok
17:16:38.0157 0x0fd4  [ 1A6241B70453A6629A83DB942AA6B08C, EF93785E20E18BF36F667E35F89BBF2A17C86F57E2D17D077F5031CE70E9DC9D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
17:16:38.0220 0x0fd4  IntcAzAudAddService - ok
17:16:38.0235 0x0fd4  intelide - ok
17:16:38.0235 0x0fd4  intelpep - ok
17:16:38.0251 0x0fd4  intelppm - ok
17:16:38.0251 0x0fd4  iorate - ok
17:16:38.0266 0x0fd4  IpFilterDriver - ok
17:16:38.0266 0x0fd4  iphlpsvc - ok
17:16:38.0266 0x0fd4  IPMIDRV - ok
17:16:38.0282 0x0fd4  IPNAT - ok
17:16:38.0282 0x0fd4  irda - ok
17:16:38.0282 0x0fd4  IRENUM - ok
17:16:38.0298 0x0fd4  irmon - ok
17:16:38.0298 0x0fd4  isapnp - ok
17:16:38.0298 0x0fd4  iScsiPrt - ok
17:16:38.0313 0x0fd4  [ 5678EC677028221EC5C815BCD07AB697, 02FD1A0290A9A17823D24A0E55D4AB35C3F939C986AB8BB54C6248287466FE0D ] jrdusbser      C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
17:16:38.0345 0x0fd4  jrdusbser - ok
17:16:38.0345 0x0fd4  Juqokchukity - ok
17:16:38.0345 0x0fd4  kbdclass - ok
17:16:38.0360 0x0fd4  kbdhid - ok
17:16:38.0360 0x0fd4  kdnic - ok
17:16:38.0360 0x0fd4  KeyIso - ok
17:16:38.0376 0x0fd4  KSecDD - ok
17:16:38.0376 0x0fd4  KSecPkg - ok
17:16:38.0376 0x0fd4  ksthunk - ok
17:16:38.0391 0x0fd4  KtmRm - ok
17:16:38.0391 0x0fd4  LanmanServer - ok
17:16:38.0407 0x0fd4  LanmanWorkstation - ok
17:16:38.0407 0x0fd4  lfsvc - ok
17:16:38.0407 0x0fd4  LicenseManager - ok
17:16:38.0423 0x0fd4  lltdio - ok
17:16:38.0423 0x0fd4  lltdsvc - ok
17:16:38.0423 0x0fd4  lmhosts - ok
17:16:38.0438 0x0fd4  LSI_SAS - ok
17:16:38.0438 0x0fd4  LSI_SAS2i - ok
17:16:38.0454 0x0fd4  LSI_SAS3i - ok
17:16:38.0454 0x0fd4  LSI_SSS - ok
17:16:38.0454 0x0fd4  LSM - ok
17:16:38.0470 0x0fd4  luafv - ok
17:16:38.0485 0x0fd4  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
17:16:38.0501 0x0fd4  LVRS64 - ok
17:16:38.0626 0x0fd4  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64        C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
17:16:38.0767 0x0fd4  LVUVC64 - ok
17:16:38.0782 0x0fd4  MapsBroker - ok
17:16:38.0782 0x0fd4  [ 3BEC6134F1E45AEF5E971F69F0D38510, 245D7CEEB6561166EE0472551D39A9D3CFDDA52A6BF2E924AB243CCA7FBC9009 ] MBAMChameleon  C:\WINDOWS\system32\drivers\MBAMChameleon.sys
17:16:38.0798 0x0fd4  MBAMChameleon - ok
17:16:38.0813 0x0fd4  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
17:16:38.0829 0x0fd4  MBAMProtection - ok
17:16:38.0938 0x0fd4  [ 28E521A6ABA9DE062A3719452816F495, B312A37DA052229DFB19353170CD5828582F8AC6426E857CA7C8ACA0DD91C160 ] MBAMService    C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
17:16:39.0063 0x0fd4  MBAMService - ok
17:16:39.0079 0x0fd4  megasas - ok
17:16:39.0079 0x0fd4  megasas2i - ok
17:16:39.0095 0x0fd4  megasr - ok
17:16:39.0095 0x0fd4  MessagingService - ok
17:16:39.0110 0x0fd4  mlx4_bus - ok
17:16:39.0110 0x0fd4  MMCSS - ok
17:16:39.0126 0x0fd4  [ 1CE0621B591913C12BECAA5B50E88BB2, 115068C57570140C9389BD923A4E68236ACEBB4F733DA09D05AEEDAD7317AB46 ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
17:16:39.0142 0x0fd4  Mobile Partner. RunOuc - ok
17:16:39.0157 0x0fd4  Modem - ok
17:16:39.0157 0x0fd4  monitor - ok
17:16:39.0157 0x0fd4  mouclass - ok
17:16:39.0173 0x0fd4  mouhid - ok
17:16:39.0173 0x0fd4  mountmgr - ok
17:16:39.0173 0x0fd4  mpsdrv - ok
17:16:39.0188 0x0fd4  MpsSvc - ok
17:16:39.0188 0x0fd4  MRxDAV - ok
17:16:39.0204 0x0fd4  mrxsmb - ok
17:16:39.0204 0x0fd4  mrxsmb10 - ok
17:16:39.0204 0x0fd4  mrxsmb20 - ok
17:16:39.0220 0x0fd4  MsBridge - ok
17:16:39.0220 0x0fd4  MSDTC - ok
17:16:39.0235 0x0fd4  Msfs - ok
17:16:39.0235 0x0fd4  msgpiowin32 - ok
17:16:39.0251 0x0fd4  mshidkmdf - ok
17:16:39.0251 0x0fd4  mshidumdf - ok
17:16:39.0251 0x0fd4  msisadrv - ok
17:16:39.0267 0x0fd4  MSiSCSI - ok
17:16:39.0267 0x0fd4  msiserver - ok
17:16:39.0267 0x0fd4  MSKSSRV - ok
17:16:39.0282 0x0fd4  MsLldp - ok
17:16:39.0282 0x0fd4  MSPCLOCK - ok
17:16:39.0298 0x0fd4  MSPQM - ok
17:16:39.0298 0x0fd4  MsRPC - ok
17:16:39.0298 0x0fd4  MsSecFlt - ok
17:16:39.0313 0x0fd4  mssmbios - ok
17:16:39.0313 0x0fd4  MSTEE - ok
17:16:39.0329 0x0fd4  MTConfig - ok
17:16:39.0329 0x0fd4  Mup - ok
17:16:39.0329 0x0fd4  mvumis - ok
17:16:39.0345 0x0fd4  NativeWifiP - ok
17:16:39.0376 0x0fd4  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
17:16:39.0407 0x0fd4  NAUpdate - ok
17:16:39.0407 0x0fd4  NcaSvc - ok
17:16:39.0423 0x0fd4  NcbService - ok
17:16:39.0423 0x0fd4  NcdAutoSetup - ok
17:16:39.0423 0x0fd4  ndfltr - ok
17:16:39.0438 0x0fd4  NDIS - ok
17:16:39.0438 0x0fd4  NdisCap - ok
17:16:39.0438 0x0fd4  NdisImPlatform - ok
17:16:39.0454 0x0fd4  NdisTapi - ok
17:16:39.0454 0x0fd4  Ndisuio - ok
17:16:39.0470 0x0fd4  NdisVirtualBus - ok
17:16:39.0470 0x0fd4  NdisWan - ok
17:16:39.0470 0x0fd4  ndiswanlegacy - ok
17:16:39.0485 0x0fd4  ndproxy - ok
17:16:39.0485 0x0fd4  Ndu - ok
17:16:39.0485 0x0fd4  NetAdapterCx - ok
17:16:39.0501 0x0fd4  NetBIOS - ok
17:16:39.0501 0x0fd4  NetBT - ok
17:16:39.0501 0x0fd4  Netlogon - ok
17:16:39.0517 0x0fd4  Netman - ok
17:16:39.0517 0x0fd4  netprofm - ok
17:16:39.0532 0x0fd4  NetSetupSvc - ok
17:16:39.0532 0x0fd4  NetTcpPortSharing - ok
17:16:39.0548 0x0fd4  NgcCtnrSvc - ok
17:16:39.0548 0x0fd4  NgcSvc - ok
17:16:39.0548 0x0fd4  NlaSvc - ok
17:16:39.0563 0x0fd4  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] npf            C:\WINDOWS\system32\drivers\npf.sys
17:16:39.0579 0x0fd4  npf - ok
17:16:39.0579 0x0fd4  Npfs - ok
17:16:39.0579 0x0fd4  npsvctrig - ok
17:16:39.0595 0x0fd4  nsi - ok
17:16:39.0595 0x0fd4  nsiproxy - ok
17:16:39.0610 0x0fd4  NTFS - ok
17:16:39.0610 0x0fd4  Null - ok
17:16:39.0610 0x0fd4  [ B01C1E6D7477961D6D1CBDCD44AF3E67, 407BD335FE7C87DFBD9EDE49BDD828263D8C8D25C8216FF04AC70320E74AE8B6 ] nusb3hub        C:\WINDOWS\System32\drivers\nusb3hub.sys
17:16:39.0626 0x0fd4  nusb3hub - ok
17:16:39.0642 0x0fd4  nvraid - ok
17:16:39.0642 0x0fd4  nvstor - ok
17:16:39.0657 0x0fd4  OneSyncSvc - ok
17:16:39.0673 0x0fd4  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:16:39.0688 0x0fd4  ose64 - ok
17:16:39.0704 0x0fd4  p2pimsvc - ok
17:16:39.0704 0x0fd4  p2psvc - ok
17:16:39.0720 0x0fd4  Parport - ok
17:16:39.0720 0x0fd4  partmgr - ok
17:16:39.0735 0x0fd4  PcaSvc - ok
17:16:39.0735 0x0fd4  pci - ok
17:16:39.0735 0x0fd4  pciide - ok
17:16:39.0751 0x0fd4  pcmcia - ok
17:16:39.0751 0x0fd4  pcw - ok
17:16:39.0751 0x0fd4  pdc - ok
17:16:39.0767 0x0fd4  PEAUTH - ok
17:16:39.0767 0x0fd4  PeerDistSvc - ok
17:16:39.0782 0x0fd4  percsas2i - ok
17:16:39.0782 0x0fd4  percsas3i - ok
17:16:39.0798 0x0fd4  PerfHost - ok
17:16:39.0813 0x0fd4  PhoneSvc - ok
17:16:39.0813 0x0fd4  PimIndexMaintenanceSvc - ok
17:16:39.0829 0x0fd4  pla - ok
17:16:39.0829 0x0fd4  PlugPlay - ok
17:16:39.0845 0x0fd4  PnkBstrA - ok
17:16:39.0845 0x0fd4  PnkBstrB - ok
17:16:39.0845 0x0fd4  PNRPAutoReg - ok
17:16:39.0860 0x0fd4  PNRPsvc - ok
17:16:39.0860 0x0fd4  PolicyAgent - ok
17:16:39.0860 0x0fd4  Power - ok
17:16:39.0876 0x0fd4  PptpMiniport - ok
17:16:39.0954 0x0fd4  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify    C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:16:40.0095 0x0fd4  PrintNotify - ok
17:16:40.0110 0x0fd4  Processor - ok
17:16:40.0110 0x0fd4  ProfSvc - ok
17:16:40.0110 0x0fd4  Psched - ok
17:16:40.0126 0x0fd4  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio        C:\Windows\system32\pwdrvio.sys
17:16:40.0142 0x0fd4  pwdrvio - ok
17:16:40.0157 0x0fd4  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio        C:\Windows\system32\pwdspio.sys
17:16:40.0173 0x0fd4  pwdspio - ok
17:16:40.0188 0x0fd4  QWAVE - ok
17:16:40.0188 0x0fd4  QWAVEdrv - ok
17:16:40.0188 0x0fd4  RasAcd - ok
17:16:40.0204 0x0fd4  RasAgileVpn - ok
17:16:40.0204 0x0fd4  RasAuto - ok
17:16:40.0204 0x0fd4  Rasl2tp - ok
17:16:40.0220 0x0fd4  RasMan - ok
17:16:40.0220 0x0fd4  RasPppoe - ok
17:16:40.0235 0x0fd4  RasSstp - ok
17:16:40.0235 0x0fd4  rdbss - ok
17:16:40.0235 0x0fd4  rdpbus - ok
17:16:40.0251 0x0fd4  RDPDR - ok
17:16:40.0251 0x0fd4  RdpVideoMiniport - ok
17:16:40.0267 0x0fd4  rdyboost - ok
17:16:40.0267 0x0fd4  ReFSv1 - ok
17:16:40.0282 0x0fd4  RemoteAccess - ok
17:16:40.0282 0x0fd4  RemoteRegistry - ok
17:16:40.0298 0x0fd4  RetailDemo - ok
17:16:40.0298 0x0fd4  [ 5CA4ABD888B602551B59BAA26941C167, F6FC0F828153E07EAFFAB6E11556DA23A5F6D9FC063E36947B1AC73E7E7E705E ] rimspci        C:\WINDOWS\System32\drivers\rimssne64.sys
17:16:40.0329 0x0fd4  rimspci - ok
17:16:40.0329 0x0fd4  [ BB6E138AEB351728959DA5E2731D8140, E6656869A03380EB96A31E4E5FF4D565916EB0A7ED334330D2DD039390441D15 ] risdsnpe        C:\WINDOWS\System32\drivers\risdsne64.sys
17:16:40.0360 0x0fd4  risdsnpe - ok
17:16:40.0360 0x0fd4  RmSvc - ok
17:16:40.0360 0x0fd4  RpcEptMapper - ok
17:16:40.0376 0x0fd4  RpcLocator - ok
17:16:40.0376 0x0fd4  RpcSs - ok
17:16:40.0392 0x0fd4  rspndr - ok
17:16:40.0392 0x0fd4  [ 7421A35C45484B95E83B5E9E107CEFC2, 128BB6A7552B9D57284056FB8946A6FE3C620F7B706F709F896828304A6FCD77 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMIVX.sys
17:16:40.0407 0x0fd4  RTHDMIAzAudService - ok
17:16:40.0423 0x0fd4  s3cap - ok
17:16:40.0423 0x0fd4  SamSs - ok
17:16:40.0423 0x0fd4  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:16:40.0438 0x0fd4  SASDIFSV - ok
17:16:40.0454 0x0fd4  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:16:40.0454 0x0fd4  SASKUTIL - ok
17:16:40.0470 0x0fd4  sbp2port - ok
17:16:40.0470 0x0fd4  SCardSvr - ok
17:16:40.0485 0x0fd4  ScDeviceEnum - ok
17:16:40.0485 0x0fd4  scfilter - ok
17:16:40.0501 0x0fd4  Schedule - ok
17:16:40.0501 0x0fd4  scmbus - ok
17:16:40.0501 0x0fd4  scmdisk0101 - ok
17:16:40.0517 0x0fd4  SCPolicySvc - ok
17:16:40.0517 0x0fd4  sdbus - ok
17:16:40.0532 0x0fd4  SDRSVC - ok
17:16:40.0532 0x0fd4  sdstor - ok
17:16:40.0532 0x0fd4  seclogon - ok
17:16:40.0548 0x0fd4  SENS - ok
17:16:40.0548 0x0fd4  Sense - ok
17:16:40.0563 0x0fd4  SensorDataService - ok
17:16:40.0563 0x0fd4  SensorService - ok
17:16:40.0563 0x0fd4  SensrSvc - ok
17:16:40.0579 0x0fd4  SerCx - ok
17:16:40.0579 0x0fd4  SerCx2 - ok
17:16:40.0595 0x0fd4  Serenum - ok
17:16:40.0595 0x0fd4  Serial - ok
17:16:40.0595 0x0fd4  sermouse - ok
17:16:40.0610 0x0fd4  SessionEnv - ok
17:16:40.0626 0x0fd4  [ 70F9C476B62DE4F2823E918A6C181ADE, E1A641418A6CB4FA38BB29B86934838B28D8909B8066E5089D85BF72FD61F4C4 ] SFEP            C:\WINDOWS\System32\drivers\SFEP.sys
17:16:40.0642 0x0fd4  SFEP - ok
17:16:40.0642 0x0fd4  sfloppy - ok
17:16:40.0657 0x0fd4  SharedAccess - ok
17:16:40.0657 0x0fd4  ShellHWDetection - ok
17:16:40.0657 0x0fd4  shpamsvc - ok
17:16:40.0673 0x0fd4  SiSRaid2 - ok
17:16:40.0673 0x0fd4  SiSRaid4 - ok
17:16:40.0688 0x0fd4  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:16:40.0720 0x0fd4  SkypeUpdate - ok
17:16:40.0720 0x0fd4  smphost - ok
17:16:40.0735 0x0fd4  SmsRouter - ok
17:16:40.0751 0x0fd4  SNMPTRAP - ok
17:16:40.0751 0x0fd4  spaceport - ok
17:16:40.0751 0x0fd4  Sparhandy_Germany Silverstone Modem Device Helper - ok
17:16:40.0767 0x0fd4  SpbCx - ok
17:16:40.0782 0x0fd4  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
17:16:40.0798 0x0fd4  speedfan - ok
17:16:40.0813 0x0fd4  Spooler - ok
17:16:40.0813 0x0fd4  sppsvc - ok
17:16:40.0813 0x0fd4  srv - ok
17:16:40.0829 0x0fd4  srv2 - ok
17:16:40.0829 0x0fd4  srvnet - ok
17:16:40.0845 0x0fd4  SSDPSRV - ok
17:16:40.0845 0x0fd4  SstpSvc - ok
17:16:40.0860 0x0fd4  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm        C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
17:16:40.0876 0x0fd4  ssudmdm - ok
17:16:40.0876 0x0fd4  StateRepository - ok
17:16:40.0892 0x0fd4  stexstor - ok
17:16:40.0892 0x0fd4  stisvc - ok
17:16:40.0892 0x0fd4  storahci - ok
17:16:40.0907 0x0fd4  storflt - ok
17:16:40.0907 0x0fd4  stornvme - ok
17:16:40.0923 0x0fd4  storqosflt - ok
17:16:40.0923 0x0fd4  StorSvc - ok
17:16:40.0923 0x0fd4  storufs - ok
17:16:40.0938 0x0fd4  storvsc - ok
17:16:40.0938 0x0fd4  svsvc - ok
17:16:40.0954 0x0fd4  swenum - ok
17:16:40.0954 0x0fd4  swprv - ok
17:16:40.0954 0x0fd4  Synth3dVsc - ok
17:16:40.0970 0x0fd4  SysMain - ok
17:16:40.0970 0x0fd4  SystemEventsBroker - ok
17:16:40.0985 0x0fd4  TabletInputService - ok
17:16:40.0985 0x0fd4  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901        C:\WINDOWS\System32\drivers\tap0901.sys
17:16:41.0001 0x0fd4  tap0901 - ok
17:16:41.0001 0x0fd4  TapiSrv - ok
17:16:41.0017 0x0fd4  Tcpip - ok
17:16:41.0017 0x0fd4  Tcpip6 - ok
17:16:41.0032 0x0fd4  tcpipreg - ok
17:16:41.0032 0x0fd4  tdx - ok
17:16:41.0048 0x0fd4  terminpt - ok
17:16:41.0048 0x0fd4  TermService - ok
17:16:41.0048 0x0fd4  Themes - ok
17:16:41.0063 0x0fd4  TieringEngineService - ok
17:16:41.0063 0x0fd4  tiledatamodelsvc - ok
17:16:41.0079 0x0fd4  TimeBrokerSvc - ok
17:16:41.0079 0x0fd4  TPM - ok
17:16:41.0079 0x0fd4  TrkWks - ok
17:16:41.0095 0x0fd4  TrustedInstaller - ok
17:16:41.0095 0x0fd4  tsusbflt - ok
17:16:41.0110 0x0fd4  TsUsbGD - ok
17:16:41.0110 0x0fd4  tsusbhub - ok
17:16:41.0110 0x0fd4  tunnel - ok
17:16:41.0126 0x0fd4  tzautoupdate - ok
17:16:41.0126 0x0fd4  UASPStor - ok
17:16:41.0142 0x0fd4  [ 209F5CEAAAFE601851E7B40902FC230D, B7BFD753DF9EA1AD6D6BD8FB47F24E79FA84208E7A66C88B934C3A13B087901D ] ucdrv          C:\WINDOWS\System32\drivers:ucdrv-x64.sys
17:16:41.0157 0x0fd4  Suspicious file ( Hidden ): C:\WINDOWS\System32\drivers:ucdrv-x64.sys. md5: 209F5CEAAAFE601851E7B40902FC230D, sha256: B7BFD753DF9EA1AD6D6BD8FB47F24E79FA84208E7A66C88B934C3A13B087901D
17:16:41.0157 0x0fd4  ucdrv - detected HiddenFile.Multi.Generic ( 1 )
17:16:41.0157 0x0fd4  Detect skipped due to KSN trusted
17:16:41.0157 0x0fd4  ucdrv - ok
17:16:41.0157 0x0fd4  UcmCx0101 - ok
17:16:41.0157 0x0fd4  UcmTcpciCx0101 - ok
17:16:41.0173 0x0fd4  UcmUcsi - ok
17:16:41.0173 0x0fd4  Ucx01000 - ok
17:16:41.0188 0x0fd4  UdeCx - ok
17:16:41.0188 0x0fd4  udfs - ok
17:16:41.0188 0x0fd4  UEFI - ok
17:16:41.0204 0x0fd4  UevAgentDriver - ok
17:16:41.0204 0x0fd4  UevAgentService - ok
17:16:41.0204 0x0fd4  Ufx01000 - ok
17:16:41.0220 0x0fd4  UfxChipidea - ok
17:16:41.0220 0x0fd4  ufxsynopsys - ok
17:16:41.0235 0x0fd4  UI0Detect - ok
17:16:41.0235 0x0fd4  umbus - ok
17:16:41.0251 0x0fd4  UmPass - ok
17:16:41.0251 0x0fd4  UmRdpService - ok
17:16:41.0251 0x0fd4  UnistoreSvc - ok
17:16:41.0267 0x0fd4  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
17:16:41.0282 0x0fd4  UnlockerDriver5 - ok
17:16:41.0282 0x0fd4  upnphost - ok
17:16:41.0298 0x0fd4  UrsChipidea - ok
17:16:41.0298 0x0fd4  UrsCx01000 - ok
17:16:41.0298 0x0fd4  UrsSynopsys - ok
17:16:41.0329 0x0fd4  [ 55020D37C29F05D583A76F20127B4FD7, 9BFB5F16D5C15ADF3ECB8769B66F443250497F6A2F58FA74954EC64EF2F6C33E ] USB28xxBGA      C:\WINDOWS\system32\DRIVERS\emBDA64.sys
17:16:41.0360 0x0fd4  USB28xxBGA - ok
17:16:41.0376 0x0fd4  [ D7940283C43E440FCF83AB55B85689C9, C41DD0E5CE66328694047FF468BBBB3D35FBB9CB41A249202A05DB411EFEEFB1 ] USB28xxOEM      C:\WINDOWS\system32\DRIVERS\emOEM64.sys
17:16:41.0392 0x0fd4  USB28xxOEM - ok
17:16:41.0392 0x0fd4  usbaudio - ok
17:16:41.0407 0x0fd4  usbccgp - ok
17:16:41.0407 0x0fd4  usbcir - ok
17:16:41.0423 0x0fd4  usbehci - ok
17:16:41.0423 0x0fd4  usbhub - ok
17:16:41.0423 0x0fd4  USBHUB3 - ok
17:16:41.0439 0x0fd4  usbohci - ok
17:16:41.0439 0x0fd4  usbprint - ok
17:16:41.0454 0x0fd4  usbscan - ok
17:16:41.0454 0x0fd4  usbser - ok
17:16:41.0454 0x0fd4  USBSTOR - ok
17:16:41.0470 0x0fd4  usbuhci - ok
17:16:41.0470 0x0fd4  usbvideo - ok
17:16:41.0485 0x0fd4  USBXHCI - ok
17:16:41.0485 0x0fd4  UserDataSvc - ok
17:16:41.0485 0x0fd4  UserManager - ok
17:16:41.0501 0x0fd4  UsoSvc - ok
17:16:41.0501 0x0fd4  VaultSvc - ok
17:16:41.0517 0x0fd4  vdrvroot - ok
17:16:41.0517 0x0fd4  vds - ok
17:16:41.0532 0x0fd4  VerifierExt - ok
17:16:41.0532 0x0fd4  vhdmp - ok
17:16:41.0548 0x0fd4  vhf - ok
17:16:41.0548 0x0fd4  vmbus - ok
17:16:41.0564 0x0fd4  VMBusHID - ok
17:16:41.0564 0x0fd4  vmgid - ok
17:16:41.0579 0x0fd4  vmicguestinterface - ok
17:16:41.0579 0x0fd4  vmicheartbeat - ok
17:16:41.0579 0x0fd4  vmickvpexchange - ok
17:16:41.0595 0x0fd4  vmicrdv - ok
17:16:41.0595 0x0fd4  vmicshutdown - ok
17:16:41.0610 0x0fd4  vmictimesync - ok
17:16:41.0610 0x0fd4  vmicvmsession - ok
17:16:41.0626 0x0fd4  vmicvss - ok
17:16:41.0626 0x0fd4  volmgr - ok
17:16:41.0626 0x0fd4  volmgrx - ok
17:16:41.0642 0x0fd4  volsnap - ok
17:16:41.0642 0x0fd4  volume - ok
17:16:41.0657 0x0fd4  vpci - ok
17:16:41.0657 0x0fd4  vsmraid - ok
17:16:41.0657 0x0fd4  VSS - ok
17:16:41.0673 0x0fd4  VSTXRAID - ok
17:16:41.0673 0x0fd4  vwifibus - ok
17:16:41.0689 0x0fd4  vwififlt - ok
17:16:41.0689 0x0fd4  vwifimp - ok
17:16:41.0689 0x0fd4  W32Time - ok
17:16:41.0704 0x0fd4  WacomPen - ok
17:16:41.0704 0x0fd4  WalletService - ok
17:16:41.0720 0x0fd4  wanarp - ok
17:16:41.0720 0x0fd4  wanarpv6 - ok
17:16:41.0720 0x0fd4  wbengine - ok
17:16:41.0735 0x0fd4  WbioSrvc - ok
17:16:41.0735 0x0fd4  wcifs - ok
17:16:41.0751 0x0fd4  Wcmsvc - ok
17:16:41.0751 0x0fd4  wcncsvc - ok
17:16:41.0767 0x0fd4  wcnfs - ok
17:16:41.0767 0x0fd4  WdBoot - ok
17:16:41.0767 0x0fd4  Wdf01000 - ok
17:16:41.0782 0x0fd4  WdFilter - ok
17:16:41.0782 0x0fd4  WdiServiceHost - ok
17:16:41.0798 0x0fd4  WdiSystemHost - ok
17:16:41.0798 0x0fd4  wdiwifi - ok
17:16:41.0798 0x0fd4  WdNisDrv - ok
17:16:41.0814 0x0fd4  WdNisSvc - ok
17:16:41.0814 0x0fd4  WebClient - ok
17:16:41.0829 0x0fd4  Wecsvc - ok
17:16:41.0829 0x0fd4  WEPHOSTSVC - ok
17:16:41.0829 0x0fd4  wercplsupport - ok
17:16:41.0845 0x0fd4  WerSvc - ok
17:16:41.0845 0x0fd4  WFPLWFS - ok
17:16:41.0860 0x0fd4  WiaRpc - ok
17:16:41.0860 0x0fd4  WIMMount - ok
17:16:41.0860 0x0fd4  WinDefend - ok
17:16:41.0876 0x0fd4  WindowsTrustedRT - ok
17:16:41.0876 0x0fd4  WindowsTrustedRTProxy - ok
17:16:41.0892 0x0fd4  WinHttpAutoProxySvc - ok
17:16:41.0892 0x0fd4  WinMad - ok
17:16:41.0907 0x0fd4  Winmgmt - ok
17:16:41.0907 0x0fd4  WinRM - ok
17:16:41.0923 0x0fd4  WINUSB - ok
17:16:41.0923 0x0fd4  WinVerbs - ok
17:16:41.0939 0x0fd4  wisvc - ok
17:16:41.0939 0x0fd4  WlanSvc - ok
17:16:41.0954 0x0fd4  wlidsvc - ok
17:16:41.0954 0x0fd4  WmiAcpi - ok
17:16:41.0970 0x0fd4  wmiApSrv - ok
17:16:41.0970 0x0fd4  WMPNetworkSvc - ok
17:16:41.0985 0x0fd4  Wof - ok
17:16:41.0985 0x0fd4  workfolderssvc - ok
17:16:42.0001 0x0fd4  WPDBusEnum - ok
17:16:42.0001 0x0fd4  WpdUpFltr - ok
17:16:42.0017 0x0fd4  WpnService - ok
17:16:42.0017 0x0fd4  WpnUserService - ok
17:16:42.0032 0x0fd4  ws2ifsl - ok
17:16:42.0032 0x0fd4  wscsvc - ok
17:16:42.0032 0x0fd4  WSearch - ok
17:16:42.0048 0x0fd4  wuauserv - ok
17:16:42.0048 0x0fd4  WudfPf - ok
17:16:42.0064 0x0fd4  WUDFRd - ok
17:16:42.0064 0x0fd4  wudfsvc - ok
17:16:42.0079 0x0fd4  WUDFWpdFs - ok
17:16:42.0079 0x0fd4  WUDFWpdMtp - ok
17:16:42.0095 0x0fd4  WwanSvc - ok
17:16:42.0095 0x0fd4  XblAuthManager - ok
17:16:42.0095 0x0fd4  XblGameSave - ok
17:16:42.0110 0x0fd4  xboxgip - ok
17:16:42.0110 0x0fd4  XboxNetApiSvc - ok
17:16:42.0126 0x0fd4  xinputhid - ok
17:16:42.0142 0x0fd4  ykinw8 - ok
17:16:42.0142 0x0fd4  ================ Scan global ===============================
17:16:42.0157 0x0fd4  [ Global ] - ok
17:16:42.0157 0x0fd4  ================ Scan MBR ==================================
17:16:42.0157 0x0fd4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:16:42.0251 0x0fd4  \Device\Harddisk0\DR0 - ok
17:16:42.0251 0x0fd4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:16:42.0329 0x0fd4  \Device\Harddisk1\DR1 - ok
17:16:42.0329 0x0fd4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
17:16:42.0407 0x0fd4  \Device\Harddisk4\DR4 - ok
17:16:42.0407 0x0fd4  ================ Scan VBR ==================================
17:16:42.0407 0x0fd4  [ B75D89CA6D84C3CB1A6CA73A56716F49 ] \Device\Harddisk0\DR0\Partition1
17:16:42.0423 0x0fd4  \Device\Harddisk0\DR0\Partition1 - ok
17:16:42.0423 0x0fd4  [ BF802D8035F06A0BA68F026159CA8763 ] \Device\Harddisk1\DR1\Partition1
17:16:42.0423 0x0fd4  \Device\Harddisk1\DR1\Partition1 - ok
17:16:42.0423 0x0fd4  [ 55D863E4CA2B9A5E1BB7A9B572FDDD70 ] \Device\Harddisk4\DR4\Partition1
17:16:42.0423 0x0fd4  \Device\Harddisk4\DR4\Partition1 - ok
17:16:42.0423 0x0fd4  ================ Scan generic autorun ======================
17:16:42.0610 0x0fd4  [ 5229C2546E151D368A1CE0E451351231, 2E421986933D70789665195A92D2A9022500E9382B2881881B741F0023D6422E ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:16:42.0798 0x0fd4  RtHDVCpl - ok
17:16:42.0814 0x0fd4  [ 5677C8C60F4659E8626AC9036EEF38DF, 1C7D3EC3BCB3E34900DD9556A3EBAF449C68585DC8E07682E680790497105B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
17:16:42.0829 0x0fd4  Classic Start Menu - ok
17:16:42.0829 0x0fd4  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
17:16:42.0845 0x0fd4  NUSB3MON - ok
17:16:42.0860 0x0fd4  [ CD0362AEE36CFE1EF5DF973230742E67, 9F1D8AD4E09D16C39CD6A35CB298456468C1808226FFA8AD65BF9562A6ECC07D ] C:\Program Files (x86)\PDF24\pdf24.exe
17:16:42.0892 0x0fd4  PDFPrint - ok
17:16:42.0892 0x0fd4  [ B69B3F28C5DB496202C88F5A181640AC, 6ECD6DCFE27A043457BA910289849534ED9D173856DAF694687366E1A2C7A135 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
17:16:42.0907 0x0fd4  Avira SystrayStartTrigger - ok
17:16:42.0923 0x0fd4  OneDriveSetup - ok
17:16:42.0923 0x0fd4  OneDriveSetup - ok
17:16:42.0954 0x0fd4  [ 7D0F245088942BCB888A0AC149A6F378, 20B8145FC6988DB195E7E153FB8CA20DDE39CFC540AC5DC9BC1E91497E3ACC92 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE
17:16:42.0970 0x0fd4  EPSON Stylus Office BX300F - ok
17:16:43.0079 0x0fd4  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
17:16:43.0189 0x0fd4  DAEMON Tools Lite - ok
17:16:43.0204 0x0fd4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
17:16:43.0204 0x0fd4  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.134 ), 0x60000 ( disabled : updated )
17:16:43.0204 0x0fd4  Win FW state via NFP2: enabled ( trusted )
17:16:43.0298 0x0fd4  ============================================================
17:16:43.0298 0x0fd4  Scan finished
17:16:43.0298 0x0fd4  ============================================================
17:16:43.0298 0x00d4  Detected object count: 0
17:16:43.0298 0x00d4  Actual detected object count: 0
17:17:47.0598 0x0380  Deinitialize success

Code:
17:26:27.0450 0x0fe4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
17:26:30.0419 0x0fe4  ============================================================
17:26:30.0419 0x0fe4  Current date / time: 2016/12/22 17:26:30.0419
17:26:30.0419 0x0fe4  SystemInfo:
17:26:30.0419 0x0fe4 
17:26:30.0419 0x0fe4  OS Version: 10.0.14393 ServicePack: 0.0
17:26:30.0419 0x0fe4  Product type: Workstation
17:26:30.0419 0x0fe4  ComputerName: SONYDB
17:26:30.0419 0x0fe4  UserName: db
17:26:30.0419 0x0fe4  Windows directory: C:\WINDOWS
17:26:30.0419 0x0fe4  System windows directory: C:\WINDOWS
17:26:30.0419 0x0fe4  Running under WOW64
17:26:30.0419 0x0fe4  Processor architecture: Intel x64
17:26:30.0419 0x0fe4  Number of processors: 4
17:26:30.0419 0x0fe4  Page size: 0x1000
17:26:30.0419 0x0fe4  Boot type: Normal boot
17:26:30.0419 0x0fe4  CodeIntegrityOptions = 0x00000001
17:26:30.0434 0x0fe4  ============================================================
17:26:30.0497 0x0fe4  KLMD registered as C:\WINDOWS\system32\drivers\06235165.sys
17:26:30.0497 0x0fe4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.576, osProperties = 0x19
17:26:30.0575 0x0fe4  System UUID: {89ED3A84-A01E-3FFA-4466-86F945B2E9B7}
17:26:30.0841 0x0fe4  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:30.0903 0x0fe4  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:30.0934 0x0fe4  Drive \Device\Harddisk4\DR4 - Size: 0x773C00000 ( 29.81 Gb ), SectorSize: 0x200, Cylinders: 0xF33, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:26:30.0934 0x0fe4  ============================================================
17:26:30.0934 0x0fe4  \Device\Harddisk0\DR0:
17:26:30.0934 0x0fe4  MBR partitions:
17:26:30.0934 0x0fe4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xED9A000
17:26:30.0934 0x0fe4  \Device\Harddisk1\DR1:
17:26:30.0934 0x0fe4  MBR partitions:
17:26:30.0950 0x0fe4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
17:26:30.0950 0x0fe4  \Device\Harddisk4\DR4:
17:26:30.0950 0x0fe4  MBR partitions:
17:26:30.0950 0x0fe4  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3B9E000
17:26:30.0950 0x0fe4  ============================================================
17:26:30.0950 0x0fe4  C: <-> \Device\Harddisk0\DR0\Partition1
17:26:30.0966 0x0fe4  D: <-> \Device\Harddisk1\DR1\Partition1
17:26:30.0966 0x0fe4  ============================================================
17:26:30.0966 0x0fe4  Initialize success
17:26:30.0966 0x0fe4  ============================================================
17:26:38.0310 0x11a0  ============================================================
17:26:38.0310 0x11a0  Scan started
17:26:38.0310 0x11a0  Mode: Manual; SigCheck; TDLFS;
17:26:38.0310 0x11a0  ============================================================
17:26:38.0310 0x11a0  KSN ping started
17:26:38.0325 0x11a0  KSN ping finished: false
17:26:39.0185 0x11a0  ================ Scan system memory ========================
17:26:39.0185 0x11a0  System memory - ok
17:26:39.0185 0x11a0  ================ Scan services =============================
17:26:39.0185 0x11a0  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:26:39.0263 0x11a0  !SASCORE - ok
17:26:39.0310 0x11a0  1394ohci - ok
17:26:39.0310 0x11a0  3ware - ok
17:26:39.0325 0x11a0  ACPI - ok
17:26:39.0325 0x11a0  AcpiDev - ok
17:26:39.0325 0x11a0  acpiex - ok
17:26:39.0341 0x11a0  acpipagr - ok
17:26:39.0341 0x11a0  AcpiPmi - ok
17:26:39.0357 0x11a0  acpitime - ok
17:26:39.0357 0x11a0  ADP80XX - ok
17:26:39.0357 0x11a0  AFD - ok
17:26:39.0372 0x11a0  ahcache - ok
17:26:39.0372 0x11a0  AJRouter - ok
17:26:39.0388 0x11a0  [ 808820DEF092FA0A6D93BAE3E5D069CD, D1F49B6D99E346242EF6A9C37D2EC9333411FBDB031BE87FE0F8CDFEC545DD89 ] AlcatelOTnet    C:\WINDOWS\system32\DRIVERS\AlcatelOTUsbnet.sys
17:26:39.0404 0x11a0  AlcatelOTnet - ok
17:26:39.0419 0x11a0  ALG - ok
17:26:39.0419 0x11a0  [ D7A72B9BA6AB996DADB37BFCB0363D63, A223684978928B59D39DFB49F6658E0CF04ADD15AD8ACFCEC384DBD4D8C8CBCA ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
17:26:39.0450 0x11a0  AMD External Events Utility - ok
17:26:39.0466 0x11a0  AmdK8 - ok
17:26:39.0466 0x11a0  [ 83ADF64C5BEAC0A065D7D2811E9A79CA, C724DC6EC9CB0E93DC034054FFB79284E70502FA155EFF624E112243F6C8D8E8 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
17:26:39.0482 0x11a0  amdkmafd - ok
17:26:39.0482 0x11a0  amdkmdag - ok
17:26:39.0497 0x11a0  [ C14D7E5F24381BC8F333C4EB77892400, 8B8EF49D2398AF39E36EFFE6D1E0489727D5612DEFA43C71E3C7E4C0650010A5 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
17:26:39.0544 0x11a0  amdkmdap - ok
17:26:39.0544 0x11a0  AmdPPM - ok
17:26:39.0560 0x11a0  amdsata - ok
17:26:39.0560 0x11a0  amdsbs - ok
17:26:39.0560 0x11a0  amdxata - ok
17:26:39.0575 0x11a0  AppID - ok
17:26:39.0575 0x11a0  AppIDSvc - ok
17:26:39.0575 0x11a0  Appinfo - ok
17:26:39.0591 0x11a0  applockerfltr - ok
17:26:39.0591 0x11a0  AppMgmt - ok
17:26:39.0591 0x11a0  AppReadiness - ok
17:26:39.0607 0x11a0  AppVClient - ok
17:26:39.0607 0x11a0  AppvStrm - ok
17:26:39.0607 0x11a0  AppvVemgr - ok
17:26:39.0622 0x11a0  AppvVfs - ok
17:26:39.0622 0x11a0  AppXSvc - ok
17:26:39.0622 0x11a0  arcsas - ok
17:26:39.0638 0x11a0  AsyncMac - ok
17:26:39.0638 0x11a0  atapi - ok
17:26:39.0638 0x11a0  athr - ok
17:26:39.0654 0x11a0  AudioEndpointBuilder - ok
17:26:39.0654 0x11a0  Audiosrv - ok
17:26:39.0669 0x11a0  [ 14FCA1D1720A68C2D586940ABBE2DB3C, 274DB01CFD3024357602748FE36882ACE6BB3764A9FB62B2B40F9232B84A9B3E ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
17:26:39.0685 0x11a0  Avira.ServiceHost - ok
17:26:39.0700 0x11a0  AxInstSV - ok
17:26:39.0700 0x11a0  b06bdrv - ok
17:26:39.0700 0x11a0  BasicDisplay - ok
17:26:39.0716 0x11a0  BasicRender - ok
17:26:39.0716 0x11a0  bcmfn - ok
17:26:39.0732 0x11a0  bcmfn2 - ok
17:26:39.0732 0x11a0  BDESVC - ok
17:26:39.0732 0x11a0  Beep - ok
17:26:39.0747 0x11a0  BFE - ok
17:26:39.0747 0x11a0  BITS - ok
17:26:39.0747 0x11a0  bowser - ok
17:26:39.0747 0x11a0  BrokerInfrastructure - ok
17:26:39.0763 0x11a0  Browser - ok
17:26:39.0763 0x11a0  BthAvrcpTg - ok
17:26:39.0763 0x11a0  BthHFEnum - ok
17:26:39.0779 0x11a0  bthhfhid - ok
17:26:39.0794 0x11a0  BthHFSrv - ok
17:26:39.0794 0x11a0  BTHMODEM - ok
17:26:39.0810 0x11a0  bthserv - ok
17:26:39.0810 0x11a0  buttonconverter - ok
17:26:39.0825 0x11a0  CapImg - ok
17:26:39.0825 0x11a0  cdfs - ok
17:26:39.0825 0x11a0  CDPSvc - ok
17:26:39.0841 0x11a0  CDPUserSvc - ok
17:26:39.0841 0x11a0  cdrom - ok
17:26:39.0841 0x11a0  CertPropSvc - ok
17:26:39.0857 0x11a0  cht4iscsi - ok
17:26:39.0857 0x11a0  cht4vbd - ok
17:26:39.0857 0x11a0  circlass - ok
17:26:39.0872 0x11a0  CLFS - ok
17:26:39.0872 0x11a0  ClipSVC - ok
17:26:39.0872 0x11a0  clreg - ok
17:26:39.0888 0x11a0  CmBatt - ok
17:26:39.0888 0x11a0  CNG - ok
17:26:39.0904 0x11a0  cnghwassist - ok
17:26:39.0904 0x11a0  CompositeBus - ok
17:26:39.0919 0x11a0  COMSysApp - ok
17:26:39.0919 0x11a0  condrv - ok
17:26:39.0935 0x11a0  CoreMessagingRegistrar - ok
17:26:39.0935 0x11a0  CryptSvc - ok
17:26:39.0935 0x11a0  CSC - ok
17:26:39.0951 0x11a0  CscService - ok
17:26:39.0951 0x11a0  dam - ok
17:26:39.0966 0x11a0  DcomLaunch - ok
17:26:39.0966 0x11a0  DcpSvc - ok
17:26:39.0966 0x11a0  defragsvc - ok
17:26:39.0966 0x11a0  DeviceAssociationService - ok
17:26:39.0982 0x11a0  DeviceInstall - ok
17:26:39.0982 0x11a0  DevQueryBroker - ok
17:26:39.0982 0x11a0  Dfsc - ok
17:26:39.0997 0x11a0  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
17:26:40.0013 0x11a0  dg_ssudbus - ok
17:26:40.0013 0x11a0  Dhcp - ok
17:26:40.0013 0x11a0  diagnosticshub.standardcollector.service - ok
17:26:40.0029 0x11a0  DiagTrack - ok
17:26:40.0029 0x11a0  disk - ok
17:26:40.0044 0x11a0  DmEnrollmentSvc - ok
17:26:40.0044 0x11a0  dmvsc - ok
17:26:40.0044 0x11a0  dmwappushservice - ok
17:26:40.0044 0x11a0  Dnscache - ok
17:26:40.0060 0x11a0  dot3svc - ok
17:26:40.0060 0x11a0  DPS - ok
17:26:40.0075 0x11a0  drmkaud - ok
17:26:40.0075 0x11a0  DsmSvc - ok
17:26:40.0075 0x11a0  DsSvc - ok
17:26:40.0091 0x11a0  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01    C:\WINDOWS\System32\drivers\dtsoftbus01.sys
17:26:40.0107 0x11a0  dtsoftbus01 - ok
17:26:40.0107 0x11a0  DXGKrnl - ok
17:26:40.0122 0x11a0  EapHost - ok
17:26:40.0122 0x11a0  ebdrv - ok
17:26:40.0122 0x11a0  EFS - ok
17:26:40.0138 0x11a0  EhStorClass - ok
17:26:40.0138 0x11a0  EhStorTcgDrv - ok
17:26:40.0138 0x11a0  embeddedmode - ok
17:26:40.0154 0x11a0  EntAppSvc - ok
17:26:40.0154 0x11a0  [ 9EAFB3B3B60B8AD958985152A9309ACA, EC58F487D50A125DA3F747670282EA2104580CCAAF709EA494B61C7549576AE6 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
17:26:40.0169 0x11a0  epmntdrv - detected UnsignedFile.Multi.Generic ( 1 )
17:26:40.0263 0x11a0  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
17:26:40.0279 0x11a0  ErrDev - ok
17:26:40.0279 0x11a0  [ FB949ED2C93C878A189039F3D7730942, 857AFB9965F14C80C21948C05A44D37948BD206961101DFF087735D6A7CCAA8A ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
17:26:40.0294 0x11a0  EuGdiDrv - detected UnsignedFile.Multi.Generic ( 1 )
17:26:40.0294 0x11a0  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
17:26:40.0294 0x11a0  Force sending object to P2P due to detect: EuGdiDrv
17:26:40.0294 0x11a0  Object send P2P result: false
17:26:40.0294 0x11a0  EventSystem - ok
17:26:40.0310 0x11a0  [ CA2E486FE6212FFD5FD171AC1A0B17BE, 4534A8496C8044F4DF3573B4021391327BE3BED026BC5CD1A35A5708651A9E1D ] ewusbmbb        C:\WINDOWS\system32\DRIVERS\ewusbwwan.sys
17:26:40.0341 0x11a0  ewusbmbb - ok
17:26:40.0357 0x11a0  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev    C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
17:26:40.0372 0x11a0  ew_hwusbdev - ok
17:26:40.0372 0x11a0  exfat - ok
17:26:40.0388 0x11a0  fastfat - ok
17:26:40.0388 0x11a0  Fax - ok
17:26:40.0388 0x11a0  fdc - ok
17:26:40.0404 0x11a0  fdPHost - ok
17:26:40.0404 0x11a0  FDResPub - ok
17:26:40.0404 0x11a0  fhsvc - ok
17:26:40.0419 0x11a0  FileCrypt - ok
17:26:40.0419 0x11a0  FileInfo - ok
17:26:40.0419 0x11a0  Filetrace - ok
17:26:40.0435 0x11a0  flpydisk - ok
17:26:40.0435 0x11a0  FltMgr - ok
17:26:40.0435 0x11a0  FontCache - ok
17:26:40.0450 0x11a0  FontCache3.0.0.0 - ok
17:26:40.0482 0x11a0  [ B3A740CF5841D2087F2A8ACBAD9CA9AD, 587D966D8FF6A6704E8367B470B4F6CA5F6A29A25E960C718E9AB51899D53DD1 ] FoxitReaderService C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
17:26:40.0529 0x11a0  FoxitReaderService - ok
17:26:40.0544 0x11a0  FrameServer - ok
17:26:40.0544 0x11a0  FsDepends - ok
17:26:40.0544 0x11a0  Fs_Rec - ok
17:26:40.0560 0x11a0  fvevol - ok
17:26:40.0560 0x11a0  gencounter - ok
17:26:40.0575 0x11a0  genericusbfn - ok
17:26:40.0575 0x11a0  GPIOClx0101 - ok
17:26:40.0575 0x11a0  gpsvc - ok
17:26:40.0575 0x11a0  GpuEnergyDrv - ok
17:26:40.0591 0x11a0  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:26:40.0607 0x11a0  gupdate - ok
17:26:40.0607 0x11a0  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:26:40.0622 0x11a0  gupdatem - ok
17:26:40.0622 0x11a0  HdAudAddService - ok
17:26:40.0638 0x11a0  HDAudBus - ok
17:26:40.0638 0x11a0  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64        C:\WINDOWS\System32\drivers\HECIx64.sys
17:26:40.0654 0x11a0  HECIx64 - ok
17:26:40.0654 0x11a0  HidBatt - ok
17:26:40.0669 0x11a0  HidBth - ok
17:26:40.0669 0x11a0  hidi2c - ok
17:26:40.0669 0x11a0  hidinterrupt - ok
17:26:40.0685 0x11a0  HidIr - ok
17:26:40.0685 0x11a0  hidserv - ok
17:26:40.0685 0x11a0  HidUsb - ok
17:26:40.0701 0x11a0  HomeGroupListener - ok
17:26:40.0701 0x11a0  HomeGroupProvider - ok
17:26:40.0701 0x11a0  HpSAMD - ok
17:26:40.0716 0x11a0  HTTP - ok
17:26:40.0716 0x11a0  [ 1642C62F1FD5E1FF44608283994A7BB8, 4646AA0EF74A2AEE6C17D12206FCFE1E84D6FA712AD95A171F16D11BC9D3F11A ] huawei_enumerator C:\WINDOWS\System32\drivers\ew_jubusenum.sys
17:26:40.0732 0x11a0  huawei_enumerator - ok
17:26:40.0747 0x11a0  HvHost - ok
17:26:40.0747 0x11a0  hvservice - ok
17:26:40.0747 0x11a0  HWDeviceService64.exe - ok
17:26:40.0763 0x11a0  hwpolicy - ok
17:26:40.0763 0x11a0  hyperkbd - ok
17:26:40.0763 0x11a0  i8042prt - ok
17:26:40.0779 0x11a0  iagpio - ok
17:26:40.0779 0x11a0  iai2c - ok
17:26:40.0779 0x11a0  iaLPSS2i_GPIO2 - ok
17:26:40.0794 0x11a0  iaLPSS2i_I2C - ok
17:26:40.0794 0x11a0  iaLPSSi_GPIO - ok
17:26:40.0794 0x11a0  iaLPSSi_I2C - ok
17:26:40.0810 0x11a0  iaStorAV - ok
17:26:40.0810 0x11a0  iaStorV - ok
17:26:40.0810 0x11a0  ibbus - ok
17:26:40.0826 0x11a0  icssvc - ok
17:26:40.0826 0x11a0  IKEEXT - ok
17:26:40.0826 0x11a0  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd          C:\WINDOWS\System32\drivers\Impcd.sys
17:26:40.0857 0x11a0  Impcd - ok
17:26:40.0857 0x11a0  IndirectKmd - ok
17:26:40.0904 0x11a0  [ 1A6241B70453A6629A83DB942AA6B08C, EF93785E20E18BF36F667E35F89BBF2A17C86F57E2D17D077F5031CE70E9DC9D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
17:26:40.0966 0x11a0  IntcAzAudAddService - ok
17:26:40.0966 0x11a0  intelide - ok
17:26:40.0966 0x11a0  intelpep - ok
17:26:40.0982 0x11a0  intelppm - ok
17:26:40.0982 0x11a0  iorate - ok
17:26:40.0997 0x11a0  IpFilterDriver - ok
17:26:40.0997 0x11a0  iphlpsvc - ok
17:26:40.0997 0x11a0  IPMIDRV - ok
17:26:40.0997 0x11a0  IPNAT - ok
17:26:41.0013 0x11a0  irda - ok
17:26:41.0013 0x11a0  IRENUM - ok
17:26:41.0013 0x11a0  irmon - ok
17:26:41.0029 0x11a0  isapnp - ok
17:26:41.0029 0x11a0  iScsiPrt - ok
17:26:41.0029 0x11a0  [ 5678EC677028221EC5C815BCD07AB697, 02FD1A0290A9A17823D24A0E55D4AB35C3F939C986AB8BB54C6248287466FE0D ] jrdusbser      C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
17:26:41.0060 0x11a0  jrdusbser - ok
17:26:41.0060 0x11a0  Juqokchukity - ok
17:26:41.0060 0x11a0  kbdclass - ok
17:26:41.0060 0x11a0  kbdhid - ok
17:26:41.0076 0x11a0  kdnic - ok
17:26:41.0076 0x11a0  KeyIso - ok
17:26:41.0091 0x11a0  KSecDD - ok
17:26:41.0091 0x11a0  KSecPkg - ok
17:26:41.0091 0x11a0  ksthunk - ok
17:26:41.0091 0x11a0  KtmRm - ok
17:26:41.0107 0x11a0  LanmanServer - ok
17:26:41.0107 0x11a0  LanmanWorkstation - ok
17:26:41.0122 0x11a0  lfsvc - ok
17:26:41.0122 0x11a0  LicenseManager - ok
17:26:41.0122 0x11a0  lltdio - ok
17:26:41.0122 0x11a0  lltdsvc - ok
17:26:41.0138 0x11a0  lmhosts - ok
17:26:41.0138 0x11a0  LSI_SAS - ok
17:26:41.0138 0x11a0  LSI_SAS2i - ok
17:26:41.0154 0x11a0  LSI_SAS3i - ok
17:26:41.0154 0x11a0  LSI_SSS - ok
17:26:41.0154 0x11a0  LSM - ok
17:26:41.0169 0x11a0  luafv - ok
17:26:41.0169 0x11a0  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
17:26:41.0201 0x11a0  LVRS64 - ok
17:26:41.0294 0x11a0  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64        C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
17:26:41.0404 0x11a0  LVUVC64 - ok
17:26:41.0419 0x11a0  MapsBroker - ok
17:26:41.0435 0x11a0  [ 3BEC6134F1E45AEF5E971F69F0D38510, 245D7CEEB6561166EE0472551D39A9D3CFDDA52A6BF2E924AB243CCA7FBC9009 ] MBAMChameleon  C:\WINDOWS\system32\drivers\MBAMChameleon.sys
17:26:41.0451 0x11a0  MBAMChameleon - ok
17:26:41.0451 0x11a0  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
17:26:41.0466 0x11a0  MBAMProtection - ok
17:26:41.0560 0x11a0  [ 28E521A6ABA9DE062A3719452816F495, B312A37DA052229DFB19353170CD5828582F8AC6426E857CA7C8ACA0DD91C160 ] MBAMService    C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
17:26:41.0669 0x11a0  MBAMService - ok
17:26:41.0685 0x11a0  megasas - ok
17:26:41.0685 0x11a0  megasas2i - ok
17:26:41.0685 0x11a0  megasr - ok
17:26:41.0701 0x11a0  MessagingService - ok
17:26:41.0701 0x11a0  mlx4_bus - ok
17:26:41.0716 0x11a0  MMCSS - ok
17:26:41.0716 0x11a0  [ 1CE0621B591913C12BECAA5B50E88BB2, 115068C57570140C9389BD923A4E68236ACEBB4F733DA09D05AEEDAD7317AB46 ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
17:26:41.0732 0x11a0  Mobile Partner. RunOuc - ok
17:26:41.0747 0x11a0  Modem - ok
17:26:41.0747 0x11a0  monitor - ok
17:26:41.0747 0x11a0  mouclass - ok
17:26:41.0763 0x11a0  mouhid - ok
17:26:41.0763 0x11a0  mountmgr - ok
17:26:41.0763 0x11a0  mpsdrv - ok
17:26:41.0779 0x11a0  MpsSvc - ok
17:26:41.0779 0x11a0  MRxDAV - ok
17:26:41.0779 0x11a0  mrxsmb - ok
17:26:41.0794 0x11a0  mrxsmb10 - ok
17:26:41.0794 0x11a0  mrxsmb20 - ok
17:26:41.0794 0x11a0  MsBridge - ok
17:26:41.0794 0x11a0  MSDTC - ok
17:26:41.0810 0x11a0  Msfs - ok
17:26:41.0810 0x11a0  msgpiowin32 - ok
17:26:41.0826 0x11a0  mshidkmdf - ok
17:26:41.0826 0x11a0  mshidumdf - ok
17:26:41.0826 0x11a0  msisadrv - ok
17:26:41.0841 0x11a0  MSiSCSI - ok
17:26:41.0841 0x11a0  msiserver - ok
17:26:41.0841 0x11a0  MSKSSRV - ok
17:26:41.0841 0x11a0  MsLldp - ok
17:26:41.0857 0x11a0  MSPCLOCK - ok
17:26:41.0857 0x11a0  MSPQM - ok
17:26:41.0857 0x11a0  MsRPC - ok
17:26:41.0872 0x11a0  MsSecFlt - ok
17:26:41.0872 0x11a0  mssmbios - ok
17:26:41.0872 0x11a0  MSTEE - ok
17:26:41.0888 0x11a0  MTConfig - ok
17:26:41.0888 0x11a0  Mup - ok
17:26:41.0888 0x11a0  mvumis - ok
17:26:41.0904 0x11a0  NativeWifiP - ok
17:26:41.0919 0x11a0  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
17:26:41.0951 0x11a0  NAUpdate - ok
17:26:41.0951 0x11a0  NcaSvc - ok
17:26:41.0951 0x11a0  NcbService - ok
17:26:41.0966 0x11a0  NcdAutoSetup - ok
17:26:41.0966 0x11a0  ndfltr - ok
17:26:41.0966 0x11a0  NDIS - ok
17:26:41.0982 0x11a0  NdisCap - ok
17:26:41.0982 0x11a0  NdisImPlatform - ok
17:26:41.0982 0x11a0  NdisTapi - ok
17:26:41.0997 0x11a0  Ndisuio - ok
17:26:41.0997 0x11a0  NdisVirtualBus - ok
17:26:41.0997 0x11a0  NdisWan - ok
17:26:42.0013 0x11a0  ndiswanlegacy - ok
17:26:42.0013 0x11a0  ndproxy - ok
17:26:42.0013 0x11a0  Ndu - ok
17:26:42.0029 0x11a0  NetAdapterCx - ok
17:26:42.0029 0x11a0  NetBIOS - ok
17:26:42.0029 0x11a0  NetBT - ok
17:26:42.0044 0x11a0  Netlogon - ok
17:26:42.0044 0x11a0  Netman - ok
17:26:42.0044 0x11a0  netprofm - ok
17:26:42.0044 0x11a0  NetSetupSvc - ok
17:26:42.0060 0x11a0  NetTcpPortSharing - ok
17:26:42.0060 0x11a0  NgcCtnrSvc - ok
17:26:42.0076 0x11a0  NgcSvc - ok
17:26:42.0076 0x11a0  NlaSvc - ok
17:26:42.0076 0x11a0  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] npf            C:\WINDOWS\system32\drivers\npf.sys
17:26:42.0091 0x11a0  npf - ok
17:26:42.0091 0x11a0  Npfs - ok
17:26:42.0107 0x11a0  npsvctrig - ok
17:26:42.0107 0x11a0  nsi - ok
17:26:42.0107 0x11a0  nsiproxy - ok
17:26:42.0122 0x11a0  NTFS - ok
17:26:42.0122 0x11a0  Null - ok
17:26:42.0138 0x11a0  [ B01C1E6D7477961D6D1CBDCD44AF3E67, 407BD335FE7C87DFBD9EDE49BDD828263D8C8D25C8216FF04AC70320E74AE8B6 ] nusb3hub        C:\WINDOWS\System32\drivers\nusb3hub.sys
17:26:42.0154 0x11a0  nusb3hub - ok
17:26:42.0154 0x11a0  nvraid - ok
17:26:42.0169 0x11a0  nvstor - ok
17:26:42.0169 0x11a0  OneSyncSvc - ok
17:26:42.0185 0x11a0  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:42.0201 0x11a0  ose64 - ok
17:26:42.0201 0x11a0  p2pimsvc - ok
17:26:42.0216 0x11a0  p2psvc - ok
17:26:42.0216 0x11a0  Parport - ok
17:26:42.0232 0x11a0  partmgr - ok
17:26:42.0232 0x11a0  PcaSvc - ok
17:26:42.0232 0x11a0  pci - ok
17:26:42.0247 0x11a0  pciide - ok
17:26:42.0247 0x11a0  pcmcia - ok
17:26:42.0247 0x11a0  pcw - ok
17:26:42.0263 0x11a0  pdc - ok
17:26:42.0263 0x11a0  PEAUTH - ok
17:26:42.0263 0x11a0  PeerDistSvc - ok
17:26:42.0279 0x11a0  percsas2i - ok
17:26:42.0279 0x11a0  percsas3i - ok
17:26:42.0294 0x11a0  PerfHost - ok
17:26:42.0310 0x11a0  PhoneSvc - ok
17:26:42.0310 0x11a0  PimIndexMaintenanceSvc - ok
17:26:42.0310 0x11a0  pla - ok
17:26:42.0326 0x11a0  PlugPlay - ok
17:26:42.0326 0x11a0  PnkBstrA - ok
17:26:42.0326 0x11a0  PnkBstrB - ok
17:26:42.0341 0x11a0  PNRPAutoReg - ok
17:26:42.0341 0x11a0  PNRPsvc - ok
17:26:42.0341 0x11a0  PolicyAgent - ok
17:26:42.0357 0x11a0  Power - ok
17:26:42.0357 0x11a0  PptpMiniport - ok
17:26:42.0435 0x11a0  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify    C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:26:42.0576 0x11a0  PrintNotify - ok
17:26:42.0591 0x11a0  Processor - ok
17:26:42.0591 0x11a0  ProfSvc - ok
17:26:42.0607 0x11a0  Psched - ok
17:26:42.0607 0x11a0  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio        C:\Windows\system32\pwdrvio.sys
17:26:42.0622 0x11a0  pwdrvio - ok
17:26:42.0638 0x11a0  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio        C:\Windows\system32\pwdspio.sys
17:26:42.0654 0x11a0  pwdspio - ok
17:26:42.0654 0x11a0  QWAVE - ok
17:26:42.0669 0x11a0  QWAVEdrv - ok
17:26:42.0669 0x11a0  RasAcd - ok
17:26:42.0669 0x11a0  RasAgileVpn - ok
17:26:42.0685 0x11a0  RasAuto - ok
17:26:42.0685 0x11a0  Rasl2tp - ok
17:26:42.0685 0x11a0  RasMan - ok
17:26:42.0701 0x11a0  RasPppoe - ok
17:26:42.0701 0x11a0  RasSstp - ok
17:26:42.0701 0x11a0  rdbss - ok
17:26:42.0716 0x11a0  rdpbus - ok
17:26:42.0716 0x11a0  RDPDR - ok
17:26:42.0716 0x11a0  RdpVideoMiniport - ok
17:26:42.0732 0x11a0  rdyboost - ok
17:26:42.0732 0x11a0  ReFSv1 - ok
17:26:42.0747 0x11a0  RemoteAccess - ok
17:26:42.0747 0x11a0  RemoteRegistry - ok
17:26:42.0747 0x11a0  RetailDemo - ok
17:26:42.0763 0x11a0  [ 5CA4ABD888B602551B59BAA26941C167, F6FC0F828153E07EAFFAB6E11556DA23A5F6D9FC063E36947B1AC73E7E7E705E ] rimspci        C:\WINDOWS\System32\drivers\rimssne64.sys
17:26:42.0779 0x11a0  rimspci - ok
17:26:42.0779 0x11a0  [ BB6E138AEB351728959DA5E2731D8140, E6656869A03380EB96A31E4E5FF4D565916EB0A7ED334330D2DD039390441D15 ] risdsnpe        C:\WINDOWS\System32\drivers\risdsne64.sys
17:26:42.0794 0x11a0  risdsnpe - ok
17:26:42.0810 0x11a0  RmSvc - ok
17:26:42.0810 0x11a0  RpcEptMapper - ok
17:26:42.0810 0x11a0  RpcLocator - ok
17:26:42.0826 0x11a0  RpcSs - ok
17:26:42.0826 0x11a0  rspndr - ok
17:26:42.0841 0x11a0  [ 7421A35C45484B95E83B5E9E107CEFC2, 128BB6A7552B9D57284056FB8946A6FE3C620F7B706F709F896828304A6FCD77 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMIVX.sys
17:26:42.0857 0x11a0  RTHDMIAzAudService - ok
17:26:42.0857 0x11a0  s3cap - ok
17:26:42.0857 0x11a0  SamSs - ok
17:26:42.0873 0x11a0  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:26:42.0873 0x11a0  SASDIFSV - ok
17:26:42.0888 0x11a0  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:26:42.0888 0x11a0  SASKUTIL - ok
17:26:42.0904 0x11a0  sbp2port - ok
17:26:42.0904 0x11a0  SCardSvr - ok
17:26:42.0904 0x11a0  ScDeviceEnum - ok
17:26:42.0919 0x11a0  scfilter - ok
17:26:42.0919 0x11a0  Schedule - ok
17:26:42.0919 0x11a0  scmbus - ok
17:26:42.0935 0x11a0  scmdisk0101 - ok
17:26:42.0935 0x11a0  SCPolicySvc - ok
17:26:42.0935 0x11a0  sdbus - ok
17:26:42.0951 0x11a0  SDRSVC - ok
17:26:42.0951 0x11a0  sdstor - ok
17:26:42.0951 0x11a0  seclogon - ok
17:26:42.0966 0x11a0  SENS - ok
17:26:42.0966 0x11a0  Sense - ok
17:26:42.0966 0x11a0  SensorDataService - ok
17:26:42.0982 0x11a0  SensorService - ok
17:26:42.0982 0x11a0  SensrSvc - ok
17:26:42.0982 0x11a0  SerCx - ok
17:26:42.0997 0x11a0  SerCx2 - ok
17:26:42.0997 0x11a0  Serenum - ok
17:26:42.0997 0x11a0  Serial - ok
17:26:42.0997 0x11a0  sermouse - ok
17:26:43.0013 0x11a0  SessionEnv - ok
17:26:43.0013 0x11a0  [ 70F9C476B62DE4F2823E918A6C181ADE, E1A641418A6CB4FA38BB29B86934838B28D8909B8066E5089D85BF72FD61F4C4 ] SFEP            C:\WINDOWS\System32\drivers\SFEP.sys
17:26:43.0029 0x11a0  SFEP - ok
17:26:43.0044 0x11a0  sfloppy - ok
17:26:43.0044 0x11a0  SharedAccess - ok
17:26:43.0044 0x11a0  ShellHWDetection - ok
17:26:43.0060 0x11a0  shpamsvc - ok
17:26:43.0060 0x11a0  SiSRaid2 - ok
17:26:43.0076 0x11a0  SiSRaid4 - ok
17:26:43.0076 0x11a0  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:26:43.0107 0x11a0  SkypeUpdate - ok
17:26:43.0107 0x11a0  smphost - ok
17:26:43.0107 0x11a0  SmsRouter - ok
17:26:43.0122 0x11a0  SNMPTRAP - ok
17:26:43.0122 0x11a0  spaceport - ok
17:26:43.0138 0x11a0  Sparhandy_Germany Silverstone Modem Device Helper - ok
17:26:43.0138 0x11a0  SpbCx - ok
17:26:43.0154 0x11a0  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
17:26:43.0169 0x11a0  speedfan - ok
17:26:43.0185 0x11a0  Spooler - ok
17:26:43.0185 0x11a0  sppsvc - ok
17:26:43.0185 0x11a0  srv - ok
17:26:43.0201 0x11a0  srv2 - ok
17:26:43.0201 0x11a0  srvnet - ok
17:26:43.0216 0x11a0  SSDPSRV - ok
17:26:43.0216 0x11a0  SstpSvc - ok
17:26:43.0232 0x11a0  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm        C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
17:26:43.0232 0x11a0  ssudmdm - ok
17:26:43.0247 0x11a0  StateRepository - ok
17:26:43.0247 0x11a0  stexstor - ok
17:26:43.0247 0x11a0  stisvc - ok
17:26:43.0263 0x11a0  storahci - ok
17:26:43.0263 0x11a0  storflt - ok
17:26:43.0263 0x11a0  stornvme - ok
17:26:43.0279 0x11a0  storqosflt - ok
17:26:43.0279 0x11a0  StorSvc - ok
17:26:43.0279 0x11a0  storufs - ok
17:26:43.0294 0x11a0  storvsc - ok
17:26:43.0294 0x11a0  svsvc - ok
17:26:43.0294 0x11a0  swenum - ok
17:26:43.0310 0x11a0  swprv - ok
17:26:43.0310 0x11a0  Synth3dVsc - ok
17:26:43.0310 0x11a0  SysMain - ok
17:26:43.0326 0x11a0  SystemEventsBroker - ok
17:26:43.0326 0x11a0  TabletInputService - ok
17:26:43.0326 0x11a0  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901        C:\WINDOWS\System32\drivers\tap0901.sys
17:26:43.0341 0x11a0  tap0901 - ok
17:26:43.0357 0x11a0  TapiSrv - ok
17:26:43.0357 0x11a0  Tcpip - ok
17:26:43.0357 0x11a0  Tcpip6 - ok
17:26:43.0373 0x11a0  tcpipreg - ok
17:26:43.0373 0x11a0  tdx - ok
17:26:43.0388 0x11a0  terminpt - ok
17:26:43.0388 0x11a0  TermService - ok
17:26:43.0388 0x11a0  Themes - ok
17:26:43.0404 0x11a0  TieringEngineService - ok
17:26:43.0404 0x11a0  tiledatamodelsvc - ok
17:26:43.0404 0x11a0  TimeBrokerSvc - ok
17:26:43.0419 0x11a0  TPM - ok
17:26:43.0419 0x11a0  TrkWks - ok
17:26:43.0419 0x11a0  TrustedInstaller - ok
17:26:43.0435 0x11a0  tsusbflt - ok
17:26:43.0435 0x11a0  TsUsbGD - ok
17:26:43.0451 0x11a0  tsusbhub - ok
17:26:43.0451 0x11a0  tunnel - ok
17:26:43.0451 0x11a0  tzautoupdate - ok
17:26:43.0466 0x11a0  UASPStor - ok
17:26:43.0466 0x11a0  [ 209F5CEAAAFE601851E7B40902FC230D, B7BFD753DF9EA1AD6D6BD8FB47F24E79FA84208E7A66C88B934C3A13B087901D ] ucdrv          C:\WINDOWS\System32\drivers:ucdrv-x64.sys
17:26:43.0482 0x11a0  Suspicious file ( Hidden ): C:\WINDOWS\System32\drivers:ucdrv-x64.sys. md5: 209F5CEAAAFE601851E7B40902FC230D, sha256: B7BFD753DF9EA1AD6D6BD8FB47F24E79FA84208E7A66C88B934C3A13B087901D
17:26:43.0482 0x11a0  ucdrv - detected HiddenFile.Multi.Generic ( 1 )
17:26:43.0482 0x11a0  ucdrv ( HiddenFile.Multi.Generic ) - warning
17:26:43.0482 0x11a0  Force sending object to P2P due to detect: ucdrv
17:26:43.0482 0x11a0  Object send P2P result: false
17:26:43.0482 0x11a0  UcmCx0101 - ok
17:26:43.0497 0x11a0  UcmTcpciCx0101 - ok
17:26:43.0497 0x11a0  UcmUcsi - ok
17:26:43.0497 0x11a0  Ucx01000 - ok
17:26:43.0513 0x11a0  UdeCx - ok
17:26:43.0513 0x11a0  udfs - ok
17:26:43.0513 0x11a0  UEFI - ok
17:26:43.0529 0x11a0  UevAgentDriver - ok
17:26:43.0529 0x11a0  UevAgentService - ok
17:26:43.0529 0x11a0  Ufx01000 - ok
17:26:43.0544 0x11a0  UfxChipidea - ok
17:26:43.0544 0x11a0  ufxsynopsys - ok
17:26:43.0560 0x11a0  UI0Detect - ok
17:26:43.0560 0x11a0  umbus - ok
17:26:43.0560 0x11a0  UmPass - ok
17:26:43.0576 0x11a0  UmRdpService - ok
17:26:43.0576 0x11a0  UnistoreSvc - ok
17:26:43.0591 0x11a0  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
17:26:43.0591 0x11a0  UnlockerDriver5 - ok
17:26:43.0607 0x11a0  upnphost - ok
17:26:43.0607 0x11a0  UrsChipidea - ok
17:26:43.0623 0x11a0  UrsCx01000 - ok
17:26:43.0623 0x11a0  UrsSynopsys - ok
17:26:43.0638 0x11a0  [ 55020D37C29F05D583A76F20127B4FD7, 9BFB5F16D5C15ADF3ECB8769B66F443250497F6A2F58FA74954EC64EF2F6C33E ] USB28xxBGA      C:\WINDOWS\system32\DRIVERS\emBDA64.sys
17:26:43.0669 0x11a0  USB28xxBGA - ok
17:26:43.0685 0x11a0  [ D7940283C43E440FCF83AB55B85689C9, C41DD0E5CE66328694047FF468BBBB3D35FBB9CB41A249202A05DB411EFEEFB1 ] USB28xxOEM      C:\WINDOWS\system32\DRIVERS\emOEM64.sys
17:26:43.0701 0x11a0  USB28xxOEM - ok
17:26:43.0701 0x11a0  usbaudio - ok
17:26:43.0716 0x11a0  usbccgp - ok
17:26:43.0716 0x11a0  usbcir - ok
17:26:43.0716 0x11a0  usbehci - ok
17:26:43.0732 0x11a0  usbhub - ok
17:26:43.0732 0x11a0  USBHUB3 - ok
17:26:43.0732 0x11a0  usbohci - ok
17:26:43.0748 0x11a0  usbprint - ok
17:26:43.0748 0x11a0  usbscan - ok
17:26:43.0748 0x11a0  usbser - ok
17:26:43.0763 0x11a0  USBSTOR - ok
17:26:43.0763 0x11a0  usbuhci - ok
17:26:43.0763 0x11a0  usbvideo - ok
17:26:43.0779 0x11a0  USBXHCI - ok
17:26:43.0779 0x11a0  UserDataSvc - ok
17:26:43.0794 0x11a0  UserManager - ok
17:26:43.0794 0x11a0  UsoSvc - ok
17:26:43.0794 0x11a0  VaultSvc - ok
17:26:43.0810 0x11a0  vdrvroot - ok
17:26:43.0810 0x11a0  vds - ok
17:26:43.0810 0x11a0  VerifierExt - ok
17:26:43.0826 0x11a0  vhdmp - ok
17:26:43.0826 0x11a0  vhf - ok
17:26:43.0826 0x11a0  vmbus - ok
17:26:43.0841 0x11a0  VMBusHID - ok
17:26:43.0841 0x11a0  vmgid - ok
17:26:43.0841 0x11a0  vmicguestinterface - ok
17:26:43.0857 0x11a0  vmicheartbeat - ok
17:26:43.0857 0x11a0  vmickvpexchange - ok
17:26:43.0857 0x11a0  vmicrdv - ok
17:26:43.0873 0x11a0  vmicshutdown - ok
17:26:43.0873 0x11a0  vmictimesync - ok
17:26:43.0873 0x11a0  vmicvmsession - ok
17:26:43.0888 0x11a0  vmicvss - ok
17:26:43.0888 0x11a0  volmgr - ok
17:26:43.0888 0x11a0  volmgrx - ok
17:26:43.0904 0x11a0  volsnap - ok
17:26:43.0904 0x11a0  volume - ok
17:26:43.0904 0x11a0  vpci - ok
17:26:43.0919 0x11a0  vsmraid - ok
17:26:43.0919 0x11a0  VSS - ok
17:26:43.0919 0x11a0  VSTXRAID - ok
17:26:43.0935 0x11a0  vwifibus - ok
17:26:43.0935 0x11a0  vwififlt - ok
17:26:43.0935 0x11a0  vwifimp - ok
17:26:43.0951 0x11a0  W32Time - ok
17:26:43.0951 0x11a0  WacomPen - ok
17:26:43.0966 0x11a0  WalletService - ok
17:26:43.0966 0x11a0  wanarp - ok
17:26:43.0966 0x11a0  wanarpv6 - ok
17:26:43.0966 0x11a0  wbengine - ok
17:26:43.0982 0x11a0  WbioSrvc - ok
17:26:43.0982 0x11a0  wcifs - ok
17:26:43.0982 0x11a0  Wcmsvc - ok
17:26:43.0998 0x11a0  wcncsvc - ok
17:26:43.0998 0x11a0  wcnfs - ok
17:26:43.0998 0x11a0  WdBoot - ok
17:26:44.0013 0x11a0  Wdf01000 - ok
17:26:44.0013 0x11a0  WdFilter - ok
17:26:44.0013 0x11a0  WdiServiceHost - ok
17:26:44.0029 0x11a0  WdiSystemHost - ok
17:26:44.0029 0x11a0  wdiwifi - ok
17:26:44.0029 0x11a0  WdNisDrv - ok
17:26:44.0044 0x11a0  WdNisSvc - ok
17:26:44.0044 0x11a0  WebClient - ok
17:26:44.0044 0x11a0  Wecsvc - ok
17:26:44.0060 0x11a0  WEPHOSTSVC - ok
17:26:44.0060 0x11a0  wercplsupport - ok
17:26:44.0060 0x11a0  WerSvc - ok
17:26:44.0076 0x11a0  WFPLWFS - ok
17:26:44.0076 0x11a0  WiaRpc - ok
17:26:44.0076 0x11a0  WIMMount - ok
17:26:44.0091 0x11a0  WinDefend - ok
17:26:44.0091 0x11a0  WindowsTrustedRT - ok
17:26:44.0107 0x11a0  WindowsTrustedRTProxy - ok
17:26:44.0107 0x11a0  WinHttpAutoProxySvc - ok
17:26:44.0107 0x11a0  WinMad - ok
17:26:44.0123 0x11a0  Winmgmt - ok
17:26:44.0123 0x11a0  WinRM - ok
17:26:44.0138 0x11a0  WINUSB - ok
17:26:44.0138 0x11a0  WinVerbs - ok
17:26:44.0154 0x11a0  wisvc - ok
17:26:44.0154 0x11a0  WlanSvc - ok
17:26:44.0154 0x11a0  wlidsvc - ok
17:26:44.0169 0x11a0  WmiAcpi - ok
17:26:44.0169 0x11a0  wmiApSrv - ok
17:26:44.0169 0x11a0  WMPNetworkSvc - ok
17:26:44.0185 0x11a0  Wof - ok
17:26:44.0185 0x11a0  workfolderssvc - ok
17:26:44.0201 0x11a0  WPDBusEnum - ok
17:26:44.0201 0x11a0  WpdUpFltr - ok
17:26:44.0201 0x11a0  WpnService - ok
17:26:44.0201 0x11a0  WpnUserService - ok
17:26:44.0216 0x11a0  ws2ifsl - ok
17:26:44.0216 0x11a0  wscsvc - ok
17:26:44.0232 0x11a0  WSearch - ok
17:26:44.0232 0x11a0  wuauserv - ok
17:26:44.0248 0x11a0  WudfPf - ok
17:26:44.0248 0x11a0  WUDFRd - ok
17:26:44.0248 0x11a0  wudfsvc - ok
17:26:44.0263 0x11a0  WUDFWpdFs - ok
17:26:44.0263 0x11a0  WUDFWpdMtp - ok
17:26:44.0263 0x11a0  WwanSvc - ok
17:26:44.0279 0x11a0  XblAuthManager - ok
17:26:44.0279 0x11a0  XblGameSave - ok
17:26:44.0279 0x11a0  xboxgip - ok
17:26:44.0294 0x11a0  XboxNetApiSvc - ok
17:26:44.0294 0x11a0  xinputhid - ok
17:26:44.0310 0x11a0  ykinw8 - ok
17:26:44.0310 0x11a0  ================ Scan global ===============================
17:26:44.0326 0x11a0  [ Global ] - ok
17:26:44.0326 0x11a0  ================ Scan MBR ==================================
17:26:44.0326 0x11a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:26:44.0466 0x11a0  \Device\Harddisk0\DR0 - ok
17:26:44.0466 0x11a0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:26:44.0654 0x11a0  \Device\Harddisk1\DR1 - ok
17:26:44.0654 0x11a0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
17:26:44.0748 0x11a0  \Device\Harddisk4\DR4 - ok
17:26:44.0748 0x11a0  ================ Scan VBR ==================================
17:26:44.0748 0x11a0  [ B75D89CA6D84C3CB1A6CA73A56716F49 ] \Device\Harddisk0\DR0\Partition1
17:26:44.0763 0x11a0  \Device\Harddisk0\DR0\Partition1 - ok
17:26:44.0763 0x11a0  [ BF802D8035F06A0BA68F026159CA8763 ] \Device\Harddisk1\DR1\Partition1
17:26:44.0763 0x11a0  \Device\Harddisk1\DR1\Partition1 - ok
17:26:44.0779 0x11a0  [ 55D863E4CA2B9A5E1BB7A9B572FDDD70 ] \Device\Harddisk4\DR4\Partition1
17:26:44.0779 0x11a0  \Device\Harddisk4\DR4\Partition1 - ok
17:26:44.0779 0x11a0  ================ Scan generic autorun ======================
17:26:44.0966 0x11a0  [ 5229C2546E151D368A1CE0E451351231, 2E421986933D70789665195A92D2A9022500E9382B2881881B741F0023D6422E ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:26:45.0138 0x11a0  RtHDVCpl - ok
17:26:45.0154 0x11a0  [ 5677C8C60F4659E8626AC9036EEF38DF, 1C7D3EC3BCB3E34900DD9556A3EBAF449C68585DC8E07682E680790497105B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
17:26:45.0169 0x11a0  Classic Start Menu - ok
17:26:45.0216 0x11a0  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
17:26:45.0232 0x11a0  NUSB3MON - ok
17:26:45.0248 0x11a0  [ CD0362AEE36CFE1EF5DF973230742E67, 9F1D8AD4E09D16C39CD6A35CB298456468C1808226FFA8AD65BF9562A6ECC07D ] C:\Program Files (x86)\PDF24\pdf24.exe
17:26:45.0279 0x11a0  PDFPrint - ok
17:26:45.0279 0x11a0  [ B69B3F28C5DB496202C88F5A181640AC, 6ECD6DCFE27A043457BA910289849534ED9D173856DAF694687366E1A2C7A135 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
17:26:45.0294 0x11a0  Avira SystrayStartTrigger - ok
17:26:45.0326 0x11a0  OneDriveSetup - ok
17:26:45.0326 0x11a0  OneDriveSetup - ok
17:26:45.0341 0x11a0  [ 7D0F245088942BCB888A0AC149A6F378, 20B8145FC6988DB195E7E153FB8CA20DDE39CFC540AC5DC9BC1E91497E3ACC92 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE
17:26:45.0373 0x11a0  EPSON Stylus Office BX300F - ok
17:26:45.0451 0x11a0  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
17:26:45.0529 0x11a0  DAEMON Tools Lite - ok
17:26:45.0560 0x11a0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
17:26:45.0560 0x11a0  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.134 ), 0x60000 ( disabled : updated )
17:26:45.0560 0x11a0  Win FW state via NFP2: enabled ( trusted )
17:26:45.0576 0x11a0  ============================================================
17:26:45.0576 0x11a0  Scan finished
17:26:45.0576 0x11a0  ============================================================
17:26:45.0576 0x1028  Detected object count: 3
17:26:45.0576 0x1028  Actual detected object count: 3
17:26:50.0685 0x1028  epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:50.0685 0x1028  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:50.0701 0x1028  EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:50.0701 0x1028  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:50.0701 0x1028  ucdrv ( HiddenFile.Multi.Generic ) - skipped by user
17:26:50.0701 0x1028  ucdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
17:27:03.0983 0x1754  Deinitialize success

cosinus 23.12.2016 11:39
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


magdeburger 23.12.2016 12:34
Schon mal vielen Dank für deine Mühe! :dankeschoen:

Code:
# AdwCleaner v6.041 - Bericht erstellt am 23/12/2016 um 12:21:24
# Aktualisiert am 16/12/2016 von Malwarebytes
# Datenbank : 2016-12-22.1 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : db - SONYDB
# Gestartet von : D:\heruntergeladene Programme\Antivirusprogramme\AdwCleaner_6.041.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

[-] Dienst gelöscht: ucdrv


***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\db\AppData\Local\WOB Modules
[-] Ordner gelöscht: C:\Users\db\AppData\Roaming\Softlink
[-] Ordner gelöscht: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\aMule
[-] Ordner gelöscht: C:\Users\db\AppData\Local\app


***** [ Dateien ] *****

[-] Datei gelöscht: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****

[-] Aufgabe gelöscht: Microsoft\Windows\Application Experience\RenewalService
[-] Aufgabe gelöscht: SecureUpdater


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\KuaiZip.kz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\KuaiZip.zip
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\PCSU.SysUtils
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\KuaiZip.kz
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\KuaiZip.zip
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\PCSU.SysUtils
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\UCBrowser
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\oTweak
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\tstamptoken
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\osTip
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\MICROSOFT\OTUT
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\UCBrowser
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\UCBrowserPID
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\AutoTime
[-] Schlüssel gelöscht: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\SNDA
[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\UCBrowser
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\oTweak
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\tstamptoken
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\osTip
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\MICROSOFT\OTUT
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\UCBrowser
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\UCBrowserPID
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AutoTime
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\SNDA
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Elex-tech
[-] Schlüssel gelöscht: HKLM\SOFTWARE\UCBrowserPID
[-] Schlüssel gelöscht: HKLM\SOFTWARE\WinArcher
[-] Schlüssel gelöscht: HKLM\SOFTWARE\amule-custom
[-] Schlüssel gelöscht: HKLM\SOFTWARE\UvConv
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19539992-061C-4E8B-9053-07B175303AF4}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\oTweak
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\tstamptoken
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\osTip
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\MICROSOFT\OTUT
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\UCBrowser
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\UCBrowserPID
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AutoTime
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\SNDA
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Schlüssel gelöscht: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt


***** [ Browser ] *****

[-] [C:\Users\db\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://www.amisites.com/?type=hp&ts=1482396042&z=915db875878109ad6287d4cgdz7b8o5c5t1q3e3z5o&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0WJNYABC04625
[-] [C:\Users\db\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Gelöscht: hxxp://www.amisites.com/searchfavicon.ico
[-] [C:\Users\db\AppData\Local\Google\Chrome\User Data\Default] [extension] Gelöscht: djhangopedggnlnicpbjklghlckmndge


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6158 Bytes] - [23/12/2016 12:21:24]
C:\AdwCleaner\AdwCleaner[R14].txt - [916 Bytes] - [22/12/2016 12:00:30]
C:\AdwCleaner\AdwCleaner[R15].txt - [1054 Bytes] - [23/12/2016 12:12:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [5956 Bytes] - [23/12/2016 12:19:44]
C:\AdwCleaner\AdwCleaner[S9].txt - [975 Bytes] - [22/12/2016 12:01:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6523 Bytes] ##########



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by db (Administrator) on 23.12.2016 at 12:25:24,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.12.2016 at 12:27:57,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cosinus 23.12.2016 13:42
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

magdeburger 23.12.2016 14:07
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
durchgeführt von db (Administrator) auf SONYDB (23-12-2016 14:04:32)
Gestartet von D:\heruntergeladene Programme\Antivirusprogramme
Geladene Profile: db (Verfügbare Profile: db)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [EPSON Stylus Office BX300F] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE [221696 2008-01-22] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\MountPoints2: {993b80d7-a4a9-11e4-833a-0024bebd199b} - "E:\autorun.exe"
ShellExecuteHooks: Kein Name - {23D5E59C-A5C9-11E6-91E4-64006A5CFC23} -  -> Keine Datei
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{bf3a2940-db0d-47e1-8c05-cc90ab7858d4}: [DhcpNameServer] 192.168.2.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 [2016-12-23]
FF Homepage: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> ist aktiviert.
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\elemhidehelper@adblockplus.org.xpi [2016-11-26]
FF Extension: (Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-18] (SUPERAntiSpyware.com)
S2 FoxitReaderService; C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2014-01-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-12-06] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-12-06] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S2 Sparhandy_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S2 Juqokchukity; C:\Program Files (x86)\Ckerketain\jprcnf.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AlcatelOTnet; C:\WINDOWS\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [Datei ist nicht signiert]
U5 iaStor; C:\Windows\System32\Drivers\iaStor.sys [537112 2009-11-20] (Intel Corporation)
S3 jrdusbser; C:\WINDOWS\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-23] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-23] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
U5 nusb3xhc; C:\Windows\System32\Drivers\nusb3xhc.sys [226696 2012-08-27] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-23 12:22 - 2016-12-23 12:22 - 00000000 ____D C:\Users\db\AppData\Local\AviraSpeedup
2016-12-23 10:08 - 2016-12-23 10:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-12-23 10:04 - 2016-12-23 10:04 - 00000000 ____D C:\Users\db\AppData\Local\Avira
2016-12-22 18:19 - 2016-12-22 18:20 - 00214978 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_18.19.11_log.txt
2016-12-22 17:29 - 2016-12-22 17:29 - 00000000 _____ C:\Users\db\Desktop\chuck 30min.txt
2016-12-22 17:26 - 2016-12-22 17:27 - 00077842 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_17.26.27_log.txt
2016-12-22 17:15 - 2016-12-22 17:17 - 00147144 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_17.15.06_log.txt
2016-12-22 17:05 - 2016-12-22 17:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-22 17:02 - 2016-12-22 17:02 - 16563352 _____ (Malwarebytes Corp.) C:\Users\db\Downloads\mbar-1.09.3.1001.exe
2016-12-22 15:14 - 2016-12-22 15:14 - 00000000 ____D C:\ProgramData\USOShared
2016-12-22 15:14 - 2016-12-22 15:14 - 00000000 ____D C:\ProgramData\USOPrivate
2016-12-22 14:35 - 2016-12-22 14:35 - 00000000 _____ C:\Users\db\Desktop\Codes.txt
2016-12-22 13:39 - 2016-12-23 14:04 - 00000000 ____D C:\FRST
2016-12-22 13:37 - 2016-12-23 12:37 - 00000543 _____ C:\Users\db\Desktop\JRT.txt
2016-12-22 12:37 - 2016-12-22 12:37 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-22 12:37 - 2016-12-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-22 12:26 - 2016-12-22 12:26 - 00000000 ____D C:\Users\db\AppData\Roaming\WinRAR
2016-12-22 12:11 - 2016-12-23 00:02 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-22 12:10 - 2016-12-22 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-22 12:10 - 2016-12-22 12:10 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-22 12:10 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-22 12:03 - 2016-12-23 13:56 - 00000000 ____D C:\Users\db\AppData\LocalLow\Mozilla
2016-12-22 12:03 - 2016-12-22 12:03 - 00000000 ____D C:\Users\db\Tracing
2016-12-22 12:00 - 2016-12-23 12:57 - 00000000 ____D C:\AdwCleaner
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:50 - 2016-12-22 11:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-22 11:36 - 2016-12-22 11:36 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-12-22 11:35 - 2016-12-23 12:22 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-22 11:35 - 2016-12-22 11:42 - 00000000 ____D C:\ProgramData\Nero
2016-12-22 11:35 - 2016-12-22 11:35 - 00000000 ____D C:\ProgramData\TreeCardGames
2016-12-22 10:51 - 2016-12-22 10:52 - 41650235 _____ C:\Users\db\Desktop\Firefox 50.1.0 (x86 de) - 2016-12-22.pcv
2016-12-18 15:59 - 2016-12-22 12:16 - 00002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 15:59 - 2016-12-22 12:16 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 15:58 - 2016-12-18 16:04 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 15:58 - 2016-12-18 16:04 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 15:58 - 2016-12-18 15:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-17 09:04 - 2016-12-22 11:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2016-12-16 20:45 - 2016-12-23 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 20:45 - 2016-12-22 12:16 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-22 10:27 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-17 01:30 - 00000000 ____D C:\Users\db\AppData\Local\Mozilla
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\db\AppData\Roaming\Mozilla
2016-12-16 19:38 - 2016-12-18 16:07 - 00000000 ____D C:\Users\db\AppData\Local\Google
2016-12-16 19:38 - 2016-12-16 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-16 19:14 - 2016-12-16 19:15 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-12-14 21:26 - 2016-12-14 21:26 - 00083909 _____ C:\Users\db\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
2016-12-14 20:14 - 2016-12-14 20:18 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-14 06:36 - 2016-12-14 06:36 - 00000000 ____D C:\Users\db\AppData\Local\MicrosoftEdge
2016-12-13 19:51 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 19:51 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 19:51 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 19:51 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 19:51 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:51 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 19:51 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 19:51 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 19:51 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:51 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 19:51 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:51 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 19:51 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 19:51 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 19:51 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 19:50 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 19:50 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 19:50 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 19:50 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 19:50 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 19:50 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 19:50 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 19:50 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 19:50 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 19:50 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 19:50 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 19:50 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 19:50 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:50 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 19:50 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 19:50 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 19:50 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 19:50 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 19:50 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 19:50 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 19:50 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 19:50 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 19:50 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 19:50 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:50 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-12 18:59 - 2016-12-23 12:20 - 00000000 ____D C:\WINDOWS\system32\log
2016-12-12 18:59 - 2016-12-12 20:14 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-12-12 18:59 - 2016-12-12 18:59 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-12-10 19:54 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 19:54 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 19:54 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 19:54 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 19:54 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 19:54 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 19:54 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 19:54 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 19:54 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 19:54 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 19:54 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 19:54 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 19:54 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 19:54 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 19:54 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 19:54 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 19:54 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 19:54 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 19:54 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 19:54 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 19:54 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 19:54 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 19:54 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 19:54 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 19:54 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 19:54 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 19:54 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 19:54 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 19:54 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 19:53 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 19:53 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 19:53 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 19:53 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 19:53 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 19:53 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 19:53 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 19:53 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 19:53 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 19:53 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 19:53 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 19:53 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-12-10 19:53 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 19:53 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 19:53 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 19:53 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 19:53 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 19:53 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 19:53 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 19:53 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:53 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 20:05 - 2016-12-09 20:05 - 00000374 _____ C:\WINDOWS\SysWOW64\data.bin
2016-11-26 11:50 - 2016-12-23 12:08 - 00000000 __SHD C:\Users\db\AppData\Local\svchost
2016-11-26 11:50 - 2016-11-26 12:10 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-11-26 11:50 - 2016-11-09 15:55 - 00778752 _____ C:\WINDOWS\system32\chtbrkg.dll
2016-11-26 11:50 - 2016-11-09 15:55 - 00590848 _____ C:\WINDOWS\SysWOW64\chtbrkg.dll
2016-11-26 11:10 - 2016-11-26 11:10 - 00006106 _____ C:\WINDOWS\System32\Tasks\Hfodompherzuward Manager
2016-11-26 11:09 - 2016-11-26 11:09 - 00000000 ____D C:\Users\db\AppData\Local\Reasward
2016-11-26 11:08 - 2016-11-26 11:08 - 00000000 _____ C:\TOSTACK
2016-11-23 16:25 - 2016-11-23 16:25 - 00000013 _____ C:\Users\db\Desktop\Post NL.txt
2016-11-23 12:32 - 2016-11-23 12:32 - 00000000 _____ C:\autoexec.bat
2016-11-23 12:21 - 2016-12-10 15:39 - 00002121 _____ C:\Users\db\Desktop\Skype.lnk
2016-11-23 11:49 - 2016-12-22 12:24 - 00000000 ____D C:\Users\db\AppData\Roaming\Skype
2016-11-23 11:49 - 2016-11-23 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-23 14:03 - 2016-10-29 16:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-23 14:02 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-12-23 13:59 - 2016-06-18 12:47 - 00000000 ____D C:\Users\db\AppData\Local\ClassicShell
2016-12-23 13:04 - 2014-01-12 06:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-23 12:58 - 2014-04-17 10:49 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-23 12:58 - 2014-04-17 10:49 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-23 12:58 - 2014-04-17 10:49 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-23 12:56 - 2016-07-16 23:51 - 01720220 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-23 12:56 - 2016-07-16 23:51 - 00430242 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-23 12:56 - 2016-06-18 12:14 - 03713956 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-23 12:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-23 12:21 - 2016-10-29 16:15 - 00345480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-23 09:49 - 2014-01-12 20:15 - 00000000 ____D C:\Users\db\AppData\Local\JDownloader 2.0
2016-12-23 00:04 - 2014-04-17 10:49 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-22 18:15 - 2014-03-17 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet und Sicherheit
2016-12-22 18:15 - 2014-01-12 12:22 - 00000000 ____D C:\Users\db\Desktop\Programme
2016-12-22 17:14 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-22 16:39 - 2016-10-29 16:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-22 13:13 - 2016-10-29 16:18 - 00000000 ____D C:\Users\db
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-22 12:49 - 2014-01-12 05:33 - 00000000 ____D C:\Users\db\AppData\Local\Packages
2016-12-22 12:48 - 2014-02-23 15:45 - 00000000 ____D C:\Users\db\AppData\Roaming\vlc
2016-12-22 12:36 - 2014-02-23 15:22 - 00000000 ____D C:\Program Files\VideoLAN
2016-12-22 11:52 - 2015-01-02 18:15 - 00000000 ____D C:\Program Files\WinRAR
2016-12-22 11:07 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-18 18:32 - 2014-01-22 19:02 - 00000000 ____D C:\Users\db\AppData\Local\Microsoft Help
2016-12-17 22:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 14:06 - 2016-10-29 16:18 - 03407872 ____H C:\Users\db\NTUSER.bak
2016-12-16 19:53 - 2016-01-28 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-16 19:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 20:17 - 2014-12-04 12:44 - 00000000 ____D C:\Users\db\AppData\Local\ElevatedDiagnostics
2016-12-14 19:36 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 07:11 - 2014-01-12 13:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 06:57 - 2014-01-22 19:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-14 06:49 - 2014-01-12 13:58 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 06:36 - 2014-10-01 20:58 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2016-12-14 06:36 - 2014-02-22 18:38 - 00000000 ____D C:\Users\db\Documents\My Games
2016-12-12 22:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-12-12 18:55 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:14 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 15:39 - 2016-10-29 16:23 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-10 15:39 - 2016-10-02 07:03 - 00002378 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-10 15:39 - 2016-04-24 20:51 - 00000718 _____ C:\Users\db\Desktop\Ausbildung Sozifa.lnk
2016-12-10 15:39 - 2016-03-30 11:29 - 00001051 _____ C:\Users\db\Desktop\F! Manager.lnk
2016-12-10 15:39 - 2016-03-25 10:21 - 00001092 _____ C:\Users\db\Desktop\Dungeon.lnk
2016-12-10 15:39 - 2016-03-01 22:47 - 00001004 _____ C:\Users\db\Desktop\Core Temp.lnk
2016-12-10 15:39 - 2015-06-16 03:56 - 00001085 _____ C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2016-12-10 15:39 - 2015-02-15 21:25 - 00000295 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2016-12-10 15:39 - 2014-07-10 00:55 - 00001043 _____ C:\Users\Public\Desktop\123 Free Solitaire.lnk
2016-12-10 15:39 - 2014-01-22 22:01 - 00001484 _____ C:\Users\db\Desktop\Music.lnk
2016-12-10 15:39 - 2014-01-13 00:51 - 00001449 _____ C:\Users\db\Desktop\Anstoss3.lnk
2016-12-10 15:39 - 2014-01-12 21:04 - 00002163 _____ C:\Users\db\Desktop\JDownloader 2.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000781 _____ C:\Users\db\Desktop\heruntergeladene Programme.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000725 _____ C:\Users\db\Desktop\Studium Geschichte.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000662 _____ C:\Users\db\Desktop\sonstiges.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000676 _____ C:\Users\db\Desktop\Downloads 1.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000639 _____ C:\Users\db\Desktop\Bilder.lnk
2016-12-10 15:39 - 2014-01-12 06:15 - 00001019 _____ C:\Users\Public\Desktop\AMP WinOFF.lnk
2016-12-10 15:39 - 2014-01-12 05:34 - 00000424 _____ C:\Users\db\Desktop\Arbeitsplatz.lnk
2016-12-09 19:57 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 15:52 - 2013-08-22 16:44 - 00389408 __RSH C:\bootmgr
2016-12-05 21:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-12-05 21:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-11-26 18:38 - 2014-08-21 18:34 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2016-11-26 18:38 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-11-26 18:15 - 2016-04-04 16:49 - 00000000 ____D C:\Program Files\Intel
2016-11-26 16:57 - 2016-03-01 23:30 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-11-26 11:12 - 2014-01-14 14:13 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2016-11-26 11:12 - 2014-01-12 20:33 - 00000000 ____D C:\Program Files (x86)\ANSTOSS 3
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-26 11:11 - 2016-07-04 17:11 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-11-26 11:11 - 2015-10-10 14:11 - 00000000 ____D C:\Program Files (x86)\PDF24
2016-11-26 11:11 - 2015-09-06 13:11 - 00000000 ____D C:\Program Files (x86)\TSR Soft
2016-11-26 11:11 - 2015-06-16 03:56 - 00000000 ____D C:\Program Files (x86)\D-Fend Reloaded
2016-11-26 11:11 - 2015-06-15 18:11 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2016-11-26 11:11 - 2015-04-03 08:58 - 00000000 ____D C:\Program Files (x86)\Airline Tycoon - Deluxe
2016-11-26 11:11 - 2015-01-27 12:23 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-11-26 11:11 - 2014-11-26 19:31 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-11-26 11:11 - 2014-09-26 16:58 - 00000000 ____D C:\Program Files (x86)\Telestar
2016-11-26 11:11 - 2014-07-10 00:55 - 00000000 ____D C:\Program Files (x86)\123 Free Solitaire
2016-11-26 11:11 - 2014-06-11 15:03 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-11-26 11:11 - 2014-04-17 10:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-26 11:11 - 2014-03-25 15:08 - 00000000 ____D C:\Program Files (x86)\KWorld Multimedia
2016-11-26 11:11 - 2014-03-21 12:28 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2016-11-26 11:11 - 2014-03-20 18:14 - 00000000 ____D C:\Program Files (x86)\JAM Software
2016-11-26 11:11 - 2014-02-23 15:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-11-26 11:11 - 2014-02-21 18:07 - 00000000 ____D C:\Program Files (x86)\Valve
2016-11-26 11:11 - 2014-01-29 13:45 - 00000000 ____D C:\Program Files (x86)\Breakaway
2016-11-26 11:11 - 2014-01-23 20:31 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-11-26 11:11 - 2014-01-22 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-26 11:11 - 2014-01-18 14:08 - 00000000 ____D C:\Program Files (x86)\Sparhandy Modem
2016-11-26 11:11 - 2014-01-12 06:19 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-26 11:11 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\AMP WinOFF
2016-11-26 11:11 - 2014-01-12 06:11 - 00000000 ____D C:\Program Files (x86)\MozBackup
2016-11-26 11:11 - 2014-01-12 06:09 - 00000000 ____D C:\Program Files (x86)\Nero
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-23 15:38 - 2016-08-23 05:53 - 00000000 ____D C:\Users\db\AppData\Local\Video4you
2016-11-23 13:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-11-23 10:54 - 2014-03-17 18:38 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arbeitsprogramme
2016-11-23 09:47 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-23 09:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SystemApps

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-18 01:41 - 2015-06-16 03:52 - 0000346 ___SH () C:\Users\db\AppData\Local\70149b02515b3bb20dd492.47983420
2016-03-20 17:02 - 2016-03-20 17:02 - 0000001 _____ () C:\Users\db\AppData\Local\llftool.4.40.agreement
2016-08-05 11:03 - 2016-08-05 11:03 - 0001932 _____ () C:\Users\db\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\db\AppData\Local\Temp\gkey.exe
C:\Users\db\AppData\Local\Temp\mininewsrepair.exe
C:\Users\db\AppData\Local\Temp\onOneWait.exe
C:\Users\db\AppData\Local\Temp\pkeyui.exe
C:\Users\db\AppData\Local\Temp\proxy_vole1461617056502777009.dll
C:\Users\db\AppData\Local\Temp\proxy_vole1937358435370225386.dll
C:\Users\db\AppData\Local\Temp\softconfig.dll
C:\Users\db\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-14 06:49

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-12-2016
durchgeführt von db (23-12-2016 14:05:07)
Gestartet von D:\heruntergeladene Programme\Antivirusprogramme
Windows 10 Pro Version 1607 (X64) (2016-10-29 15:28:11)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2865356430-1766797703-3585162535-500 - Administrator - Disabled)
db (S-1-5-21-2865356430-1766797703-3585162535-1001 - Administrator - Enabled) => C:\Users\db
DefaultAccount (S-1-5-21-2865356430-1766797703-3585162535-503 - Limited - Disabled)
Gast (S-1-5-21-2865356430-1766797703-3585162535-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Airline Tycoon - Deluxe (HKLM-x32\...\Airline Tycoon - Deluxe) (Version:  - Spellbound Entertainment AG)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMP WinOFF 5.0.1 (HKLM-x32\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
D-Fend Reloaded 1.4.2 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.2 - Alexander Herzog)
EPSON BX300F Series Printer Uninstall (HKLM\...\EPSON BX300F Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.20.00.858 - Huawei Technologies Co.,Ltd)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5901 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06A7254F-59F3-4968-B748-A932F2897FBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0AB6B009-7DBF-426E-9578-CB671A7BAAB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0AEA29F8-65A6-46EF-95E6-7FE2D1362BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0AEFA67C-250A-4CF6-BE90-87AACA791AF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {0CDFFD09-FDAE-4002-8589-E6B03A623286} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {0D5260B3-58B0-49AC-89B7-195D7DF1E783} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0F3C25D8-8FA6-4E4D-A028-0215E2E799D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13AB359D-4D1D-4581-A999-84566CDB9E35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {194E8F57-194A-4DA4-BB0E-27C79F59CC4D} - System32\Tasks\Hfodompherzuward Manager => C:\Program Files (x86)\Serlingplsuing\varise.exe
Task: {1B13BC78-82C4-4B14-BF20-C1E4DDD17DC7} - System32\Tasks\{ED3DEA28-263B-4849-AD42-442E4E240903} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {1EA73746-34FE-4FE0-A07B-2FD4F7F44DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {2454F47A-A5FC-4223-BC7B-824C5440788C} - System32\Tasks\{1BC10A7A-E47A-4D51-BD6F-71E275B9D006} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {2566AA22-6F1B-40CF-B16A-94EB37BB6F47} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {2E78B88E-2F42-4529-8286-2902DC993395} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34FA9A2C-6C92-415E-ABCE-828CE00479D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3730C43B-1868-462C-B00D-A2793CCD5CC2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3BBF2C0B-A3FC-4259-8F9A-1AB8E384E466} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {3F034658-1B6E-4A94-9350-D103B77B541A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3F5C17E2-0992-41FA-AF83-2C31A45AA512} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {436E6C34-F7A8-43BA-B84C-5430F8AE0EDE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {46355976-A45A-4DEF-80ED-2A10AF3E669F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4891C0AF-9830-49E5-9272-721F8DCE13FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {4D3846F9-2377-4BF8-9335-BA5F337877F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53AAAD09-0874-4310-AB3E-E0D9ECF24D1B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5E7822EA-E5F4-48A3-94C8-2D8324A39BB3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {66A0B4A0-1F70-40E0-95DA-2077B53F523D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6C944835-49CB-4067-A329-93F83C7178F3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {6EBA4820-091E-44EF-B766-B3B459D86E57} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {71111D05-B70F-4968-95D7-9233E2575526} - System32\Tasks\{13CF39C7-1E82-40A0-AB33-F8A1074CE36D} => pcalua.exe -a C:\UT2004\System\Setup.exe -d C:\UT2004\System -c uninstall "UT2004"
Task: {7C09F44F-961E-4674-B8B6-A5FEA826D61F} - \WPD\SqmUpload_S-1-5-21-2865356430-1766797703-3585162535-1001 -> Keine Datei <==== ACHTUNG
Task: {81DB740A-FAE3-43FD-91AB-C95D2BEBCCC7} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {91C0991C-9E6A-49D6-A1D4-C30ABC030E58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9543497F-AF18-46B1-A9CF-2EAE531999E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {97BEE186-07E7-4B9E-89FA-0330B3499536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A9BDE5B3-2260-4238-8A45-16F52CDD028E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {ABEB7469-3657-4409-8957-4FC0DACFB05B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0C2DD2B-9C43-4349-834D-0F68F9B1CA5B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B90AB521-FB73-403A-A6B9-9103C85B8CB3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B9D938EF-4D34-4AE5-8CDE-456A1F98B022} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF22CBA3-F4D0-4791-A4B7-FC4C5AF0BDF0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {C1364F06-9243-4244-B49E-B4893C55A2BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C4BA3D3C-E832-41FA-8F9A-9FE02DFD5A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C969B2A2-2115-49A2-BBD1-EB52A29845DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CE460513-80E6-49BF-9A73-986389515D06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D334B8AE-B700-4951-9118-159328ECBAD2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DF9730D3-0190-45D3-9028-2F5EE0E3083E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EA204623-908C-4208-BE97-6334C67693CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {ED75BD0B-9BDC-4BB9-BCA3-2E2FC7EAE788} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F7D64D7D-6860-4F05-AB8F-BDD62B076F7C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F9D110F7-064E-4360-9F6F-D6A8AF2AC8A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\db\Desktop\F! Manager.lnk -> D:\Downloads 1\F1Manager\START.bat ()
Shortcut: C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele\Blue Byte\Die Siedler IV\Blue Byte Game Channel.lnk -> hxxp://www.bluebyte.net/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-02-21 21:44 - 2014-12-06 02:02 - 00107832 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe
2014-02-21 21:44 - 2014-12-06 02:01 - 00066872 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-29 16:30 - 2016-10-29 16:30 - 01864384 _____ () C:\Users\db\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-29 17:11 - 2016-10-29 17:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2000-02-14 12:38 - 2000-02-14 11:38 - 00159744 _____ () C:\Program Files (x86)\ANSTOSS 3\Archiver.dll
2000-01-25 11:33 - 2000-01-25 11:33 - 00118784 _____ () C:\Program Files (x86)\ANSTOSS 3\VTO.dll
2000-02-16 15:33 - 2000-12-07 13:58 - 00802816 _____ () C:\Program Files (x86)\ANSTOSS 3\activesim.dll
2000-01-24 16:30 - 2000-03-07 14:14 - 00393216 _____ () C:\Program Files (x86)\ANSTOSS 3\SSFX.dll
2000-02-03 14:28 - 2000-02-16 13:56 - 00102400 _____ () C:\Program Files (x86)\ANSTOSS 3\AIM.dll
2000-02-14 09:29 - 2000-06-13 09:07 - 00622646 _____ () C:\Program Files (x86)\ANSTOSS 3\d3d_dll.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\db\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "EPSON Stylus Office BX300F"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{014DF778-9A0B-4A9D-881C-537C17DCAAE4}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{7FDE83D3-11B7-4D4B-B335-56403F7B2DD8}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0E4A56FA-955C-4330-883B-B1607E6FA733}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{601A22F8-6E9A-4575-9FC5-6DEE1D4971D2}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{64F2A352-A960-46FA-B313-F4E936D874BE}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CFBE1B6D-B1CD-4471-A8EC-11A098B89754}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6C1135A9-AFD2-47A0-A2FD-0C75895D5F20}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5206996-B1ED-40CF-9509-3BDD0522981F}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF24AF9E-F8BF-49BD-BFBB-B5B5F21D2D49}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3488443A-FE54-4DFE-AD00-2A7BEA0F955F}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{934B94D4-EE6C-4936-94EE-1CD317E382BF}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8CCC3458-3CA2-4AFB-85BE-0602DDA7CA93}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0079C627-51B6-4178-8F81-A07BAE786BBD}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{40EE72F9-E40D-4D84-8776-5E103EA9F762}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8ACE0E43-AE05-4D01-A20F-6D139E969FA3}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3D03CF39-629D-4847-8B37-EC6D612BA4D5}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6EC1A918-2C6C-4757-A7F2-D1208923B223}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2EA2EF77-1347-4595-8C09-7DC22D18919A}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{B3CF27DE-9720-4603-8C41-6ED088A48264}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [UDP Query User{69E858C0-6B85-47C3-9074-0292F385A6D7}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [{253034A2-3C02-414A-BB3C-0634D23E4D1C}] => LPort=80
FirewallRules: [{B2EC26D2-E0B1-46AF-B990-16F98BB17653}] => LPort=443
FirewallRules: [{3D4B0D62-326B-4D57-A6DA-278D4A6F6688}] => LPort=20010
FirewallRules: [{A880EC3B-22AF-4F2B-9714-3C85C973D3D2}] => LPort=3478
FirewallRules: [{951B7EDD-ED2E-4405-B16F-D9D2923A787C}] => LPort=7850
FirewallRules: [{6CF1E03F-5F7A-4CA1-8D9F-E3726C889122}] => LPort=7852
FirewallRules: [{1D0B4EEC-3172-4167-A454-011B17867B41}] => LPort=7853
FirewallRules: [{F115EE06-A299-4C21-B7F1-575E1AB70798}] => LPort=27022
FirewallRules: [{6A77E5F4-BEF0-4B82-A9CF-320AC72BA6D4}] => LPort=6881
FirewallRules: [{132D4B2B-3CDF-43BF-93AA-C7E33E537AF4}] => LPort=33333
FirewallRules: [{684C5A27-CEC3-490D-97C7-7B907746B871}] => LPort=20443
FirewallRules: [{CBC8C096-2C19-4B1D-AA71-1909130CABF9}] => LPort=8090
FirewallRules: [TCP Query User{A507A371-5BF0-4A78-A2F2-FA9A72719B29}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [UDP Query User{9AEAE644-063C-45CC-9528-FE3D512E22DF}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [{DA433F71-62F0-49C4-8663-4D43558951FA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{568DD947-A74A-4266-A099-6C7FBE491A0A}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8C71E734-7651-4CF1-8682-1671AD6595FC}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B0E30C76-C0C7-49E1-B137-DD67636A5C4D}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [UDP Query User{3C8820C5-D8E1-42A8-B397-52D01B5F8B18}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2BFF209A-BA93-4357-BCC1-120D0C12A121}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C925960E-5025-4319-B251-04F930A2A28C}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F30AF08D-D92C-48C6-B170-70BB85DE65F0}] => C:\Users\db\AppData\Local\Temp\is-7V9CD.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{39E1D2A5-5990-4CCD-BB6D-971F4180DE90}] => LPort=1688
FirewallRules: [{E1C81A22-33CD-4CA2-A2DD-3FEAEF232B8E}] => LPort=1688
FirewallRules: [{212EB54C-3E17-4B80-BC16-1119E69CA757}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC6CFF15-4107-4F62-B1C9-73398426599E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5120A1FC-2DBA-4328-841F-795966F9F2F1}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

23-12-2016 12:24:06 Avira System Speedup Optimierung
23-12-2016 12:25:24 JRT Pre-Junkware Removal
23-12-2016 12:34:31 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB 2.0 Camera
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/23/2016 01:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Name des fehlerhaften Moduls: apphelp.dll, Version: 10.0.14393.0, Zeitstempel: 0x57898eeb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00053f42
ID des fehlerhaften Prozesses: 0x1968
Startzeit der fehlerhaften Anwendung: 0x01d25d140e4c53c5
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ANSTOSS 3\anstoss3.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\apphelp.dll
Berichtskennung: 039cf60b-eeac-41ce-9c89-5ed0c27ff57b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/23/2016 12:34:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:25:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:24:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Das Zusammenstellen der Leistungsindikatorendaten vom Dienst "Outlook" wurde deaktiviert, da mindestens ein Fehler von der Leistungsindikatorenbibliothek für diesen Dienst verursacht wurde. Die Fehler, die diese Aktion erzwungen haben, wurden in das Ereignisprotokoll der Anwendung geschrieben. Die Fehler müssen behoben werden, bevor die Leistungsindikatoren für diesen Dienst aktiviert werden.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows kann die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren "Outlook" in einer 32-Bit-Umgebung nicht öffnen. Wenden Sie sich an den Hersteller der Datei, um eine 64-Bit-Version zu erhalten. Sie können aber auch die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren öffnen, indem Sie die 64-Bit-Version der Leistungsüberwachung verwenden. Öffnen Sie den Ordner "Windows", öffnen Sie den Ordner "Syswow64", und starten Sie "Perfmon.exe", um dieses Programm zu verwenden.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/22/2016 02:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x590
Startzeit der fehlerhaften Anwendung: 0x01d25c57e4d9bf39
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: 703f6125-8104-441f-bf85-a371f49de8de
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 02:25:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x157c
Startzeit der fehlerhaften Anwendung: 0x01d25c56ddb524d0
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: 8b6c15d5-362e-4cf2-8e9e-4cdc9e1d3fcf
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (12/23/2016 02:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/23/2016 02:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. RunOuc erreicht.

Error: (12/23/2016 02:05:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Juqokchukity" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.

Error: (12/23/2016 02:05:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HWDeviceService64.exe" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (12/23/2016 02:03:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/23/2016 02:03:06 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: RISD0001

Error: (12/23/2016 02:02:53 PM) (Source: DCOM) (EventID: 10010) (User: Sonydb)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/23/2016 02:01:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/23/2016 02:01:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (12/23/2016 02:01:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Juqokchukity" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


CodeIntegrity:
===================================
  Date: 2016-12-22 11:38:25.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 11:38:25.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:57.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:56.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 5998.09 MB
Verfügbarer physikalischer RAM: 4916.61 MB
Summe virtueller Speicher: 12398.09 MB
Verfügbarer virtueller Speicher: 11411.44 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.8 GB) (Free:51.6 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:204.16 GB) NTFS
Drive h: () (Removable) (Total:29.8 GB) (Free:25.73 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: EC22E958)
Partition 1: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0FC8EF90)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 05CF5B9E)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

cosinus 23.12.2016 14:26
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\...\MountPoints2: {993b80d7-a4a9-11e4-833a-0024bebd199b} - "E:\autorun.exe"
ShellExecuteHooks: Kein Name - {23D5E59C-A5C9-11E6-91E4-64006A5CFC23} -  -> Keine Datei
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Keine Datei
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S2 Juqokchukity; C:\Program Files (x86)\Ckerketain\jprcnf.dll [X]
R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ACHTUNG
C:\Program Files (x86)\Avira
C:\Users\db\AppData\Local\AviraSpeedup
C:\ProgramData\DatacardService
C:\Program Files (x86)\Ckerketain
C:\Users\db\AppData\Local\svchost
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]
Task: {06A7254F-59F3-4968-B748-A932F2897FBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0AEFA67C-250A-4CF6-BE90-87AACA791AF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {0CDFFD09-FDAE-4002-8589-E6B03A623286} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {2566AA22-6F1B-40CF-B16A-94EB37BB6F47} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {3BBF2C0B-A3FC-4259-8F9A-1AB8E384E466} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {66A0B4A0-1F70-40E0-95DA-2077B53F523D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7C09F44F-961E-4674-B8B6-A5FEA826D61F} - \WPD\SqmUpload_S-1-5-21-2865356430-1766797703-3585162535-1001 -> Keine Datei <==== ACHTUNG
Task: {81DB740A-FAE3-43FD-91AB-C95D2BEBCCC7} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {91C0991C-9E6A-49D6-A1D4-C30ABC030E58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9543497F-AF18-46B1-A9CF-2EAE531999E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {BF22CBA3-F4D0-4791-A4B7-FC4C5AF0BDF0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {C1364F06-9243-4244-B49E-B4893C55A2BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C969B2A2-2115-49A2-BBD1-EB52A29845DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CE460513-80E6-49BF-9A73-986389515D06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {EA204623-908C-4208-BE97-6334C67693CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {F9D110F7-064E-4360-9F6F-D6A8AF2AC8A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


magdeburger 23.12.2016 16:12
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-12-2016
durchgeführt von db (23-12-2016 16:06:50) Run:1
Gestartet von D:\heruntergeladene Programme\Antivirusprogramme
Geladene Profile: db (Verfügbare Profile: db)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\...\MountPoints2: {993b80d7-a4a9-11e4-833a-0024bebd199b} - "E:\autorun.exe"
ShellExecuteHooks: Kein Name - {23D5E59C-A5C9-11E6-91E4-64006A5CFC23} -  -> Keine Datei
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Keine Datei
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S2 Juqokchukity; C:\Program Files (x86)\Ckerketain\jprcnf.dll [X]
R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ACHTUNG
C:\Program Files (x86)\Avira
C:\Users\db\AppData\Local\AviraSpeedup
C:\ProgramData\DatacardService
C:\Program Files (x86)\Ckerketain
C:\Users\db\AppData\Local\svchost
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]
Task: {06A7254F-59F3-4968-B748-A932F2897FBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0AEFA67C-250A-4CF6-BE90-87AACA791AF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {0CDFFD09-FDAE-4002-8589-E6B03A623286} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {2566AA22-6F1B-40CF-B16A-94EB37BB6F47} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {3BBF2C0B-A3FC-4259-8F9A-1AB8E384E466} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {66A0B4A0-1F70-40E0-95DA-2077B53F523D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7C09F44F-961E-4674-B8B6-A5FEA826D61F} - \WPD\SqmUpload_S-1-5-21-2865356430-1766797703-3585162535-1001 -> Keine Datei <==== ACHTUNG
Task: {81DB740A-FAE3-43FD-91AB-C95D2BEBCCC7} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {91C0991C-9E6A-49D6-A1D4-C30ABC030E58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9543497F-AF18-46B1-A9CF-2EAE531999E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {BF22CBA3-F4D0-4791-A4B7-FC4C5AF0BDF0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {C1364F06-9243-4244-B49E-B4893C55A2BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C969B2A2-2115-49A2-BBD1-EB52A29845DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CE460513-80E6-49BF-9A73-986389515D06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {EA204623-908C-4208-BE97-6334C67693CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {F9D110F7-064E-4360-9F6F-D6A8AF2AC8A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
emptytemp:
       
*****************

HKU\S-1-5-21-2865356430-1766797703-3585162535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016131541623\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{23D5E59C-A5C9-11E6-91E4-64006A5CFC23} => Wert erfolgreich entfernt
HKCR\CLSID\{23D5E59C-A5C9-11E6-91E4-64006A5CFC23} => Schlüssel nicht gefunden.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => Schlüssel nicht gefunden.
HWDeviceService64.exe => Dienst erfolgreich entfernt
Juqokchukity => Dienst erfolgreich entfernt
ucdrv => Dienst nicht gefunden.
"C:\Program Files (x86)\Avira" => nicht gefunden.
C:\Users\db\AppData\Local\AviraSpeedup => erfolgreich verschoben
"C:\ProgramData\DatacardService" => nicht gefunden.
"C:\Program Files (x86)\Ckerketain" => nicht gefunden.
C:\Users\db\AppData\Local\svchost => erfolgreich verschoben
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS erfolgreich entfernt.
C:\WINDOWS\system32\drivers => ":x64" ADS erfolgreich entfernt.
C:\WINDOWS\system32\drivers => ":x86" ADS erfolgreich entfernt.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06A7254F-59F3-4968-B748-A932F2897FBA}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06A7254F-59F3-4968-B748-A932F2897FBA}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AEFA67C-250A-4CF6-BE90-87AACA791AF9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEFA67C-250A-4CF6-BE90-87AACA791AF9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CDFFD09-FDAE-4002-8589-E6B03A623286}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CDFFD09-FDAE-4002-8589-E6B03A623286}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2566AA22-6F1B-40CF-B16A-94EB37BB6F47}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2566AA22-6F1B-40CF-B16A-94EB37BB6F47}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BBF2C0B-A3FC-4259-8F9A-1AB8E384E466}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BBF2C0B-A3FC-4259-8F9A-1AB8E384E466}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66A0B4A0-1F70-40E0-95DA-2077B53F523D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66A0B4A0-1F70-40E0-95DA-2077B53F523D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C09F44F-961E-4674-B8B6-A5FEA826D61F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C09F44F-961E-4674-B8B6-A5FEA826D61F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2865356430-1766797703-3585162535-1001" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81DB740A-FAE3-43FD-91AB-C95D2BEBCCC7}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81DB740A-FAE3-43FD-91AB-C95D2BEBCCC7}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91C0991C-9E6A-49D6-A1D4-C30ABC030E58}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91C0991C-9E6A-49D6-A1D4-C30ABC030E58}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9543497F-AF18-46B1-A9CF-2EAE531999E8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9543497F-AF18-46B1-A9CF-2EAE531999E8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF22CBA3-F4D0-4791-A4B7-FC4C5AF0BDF0}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF22CBA3-F4D0-4791-A4B7-FC4C5AF0BDF0}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1364F06-9243-4244-B49E-B4893C55A2BB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1364F06-9243-4244-B49E-B4893C55A2BB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C969B2A2-2115-49A2-BBD1-EB52A29845DF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C969B2A2-2115-49A2-BBD1-EB52A29845DF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE460513-80E6-49BF-9A73-986389515D06}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE460513-80E6-49BF-9A73-986389515D06}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA204623-908C-4208-BE97-6334C67693CF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA204623-908C-4208-BE97-6334C67693CF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9D110F7-064E-4360-9F6F-D6A8AF2AC8A3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9D110F7-064E-4360-9F6F-D6A8AF2AC8A3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt

=========== EmptyTemp: ==========

BITS transfer queue => 35088 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62687938 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2978281 B
Edge => 0 B
Chrome => 118784 B
Firefox => 374246359 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5714 B
NetworkService => 0 B
db => 689989871 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 16:07:11 ====

cosinus 23.12.2016 19:54
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

magdeburger 23.12.2016 22:49
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
durchgeführt von db (Administrator) auf SONYDB (23-12-2016 14:04:32)
Gestartet von D:\heruntergeladene Programme\Antivirusprogramme
Geladene Profile: db (Verfügbare Profile: db)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [EPSON Stylus Office BX300F] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE [221696 2008-01-22] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\MountPoints2: {993b80d7-a4a9-11e4-833a-0024bebd199b} - "E:\autorun.exe"
ShellExecuteHooks: Kein Name - {23D5E59C-A5C9-11E6-91E4-64006A5CFC23} -  -> Keine Datei
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{bf3a2940-db0d-47e1-8c05-cc90ab7858d4}: [DhcpNameServer] 192.168.2.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 [2016-12-23]
FF Homepage: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> ist aktiviert.
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\elemhidehelper@adblockplus.org.xpi [2016-11-26]
FF Extension: (Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-18] (SUPERAntiSpyware.com)
S2 FoxitReaderService; C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2014-01-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-12-06] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-12-06] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S2 Sparhandy_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S2 Juqokchukity; C:\Program Files (x86)\Ckerketain\jprcnf.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AlcatelOTnet; C:\WINDOWS\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [Datei ist nicht signiert]
U5 iaStor; C:\Windows\System32\Drivers\iaStor.sys [537112 2009-11-20] (Intel Corporation)
S3 jrdusbser; C:\WINDOWS\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-23] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-23] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
U5 nusb3xhc; C:\Windows\System32\Drivers\nusb3xhc.sys [226696 2012-08-27] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-23 12:22 - 2016-12-23 12:22 - 00000000 ____D C:\Users\db\AppData\Local\AviraSpeedup
2016-12-23 10:08 - 2016-12-23 10:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-12-23 10:04 - 2016-12-23 10:04 - 00000000 ____D C:\Users\db\AppData\Local\Avira
2016-12-22 18:19 - 2016-12-22 18:20 - 00214978 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_18.19.11_log.txt
2016-12-22 17:29 - 2016-12-22 17:29 - 00000000 _____ C:\Users\db\Desktop\chuck 30min.txt
2016-12-22 17:26 - 2016-12-22 17:27 - 00077842 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_17.26.27_log.txt
2016-12-22 17:15 - 2016-12-22 17:17 - 00147144 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_17.15.06_log.txt
2016-12-22 17:05 - 2016-12-22 17:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-22 17:02 - 2016-12-22 17:02 - 16563352 _____ (Malwarebytes Corp.) C:\Users\db\Downloads\mbar-1.09.3.1001.exe
2016-12-22 15:14 - 2016-12-22 15:14 - 00000000 ____D C:\ProgramData\USOShared
2016-12-22 15:14 - 2016-12-22 15:14 - 00000000 ____D C:\ProgramData\USOPrivate
2016-12-22 14:35 - 2016-12-22 14:35 - 00000000 _____ C:\Users\db\Desktop\Codes.txt
2016-12-22 13:39 - 2016-12-23 14:04 - 00000000 ____D C:\FRST
2016-12-22 13:37 - 2016-12-23 12:37 - 00000543 _____ C:\Users\db\Desktop\JRT.txt
2016-12-22 12:37 - 2016-12-22 12:37 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-22 12:37 - 2016-12-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-22 12:26 - 2016-12-22 12:26 - 00000000 ____D C:\Users\db\AppData\Roaming\WinRAR
2016-12-22 12:11 - 2016-12-23 00:02 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-22 12:10 - 2016-12-22 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-22 12:10 - 2016-12-22 12:10 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-22 12:10 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-22 12:03 - 2016-12-23 13:56 - 00000000 ____D C:\Users\db\AppData\LocalLow\Mozilla
2016-12-22 12:03 - 2016-12-22 12:03 - 00000000 ____D C:\Users\db\Tracing
2016-12-22 12:00 - 2016-12-23 12:57 - 00000000 ____D C:\AdwCleaner
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:50 - 2016-12-22 11:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-22 11:36 - 2016-12-22 11:36 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-12-22 11:35 - 2016-12-23 12:22 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-22 11:35 - 2016-12-22 11:42 - 00000000 ____D C:\ProgramData\Nero
2016-12-22 11:35 - 2016-12-22 11:35 - 00000000 ____D C:\ProgramData\TreeCardGames
2016-12-22 10:51 - 2016-12-22 10:52 - 41650235 _____ C:\Users\db\Desktop\Firefox 50.1.0 (x86 de) - 2016-12-22.pcv
2016-12-18 15:59 - 2016-12-22 12:16 - 00002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 15:59 - 2016-12-22 12:16 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 15:58 - 2016-12-18 16:04 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 15:58 - 2016-12-18 16:04 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 15:58 - 2016-12-18 15:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-17 09:04 - 2016-12-22 11:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2016-12-16 20:45 - 2016-12-23 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 20:45 - 2016-12-22 12:16 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-22 10:27 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-17 01:30 - 00000000 ____D C:\Users\db\AppData\Local\Mozilla
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\db\AppData\Roaming\Mozilla
2016-12-16 19:38 - 2016-12-18 16:07 - 00000000 ____D C:\Users\db\AppData\Local\Google
2016-12-16 19:38 - 2016-12-16 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-16 19:14 - 2016-12-16 19:15 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-12-14 21:26 - 2016-12-14 21:26 - 00083909 _____ C:\Users\db\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
2016-12-14 20:14 - 2016-12-14 20:18 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-14 06:36 - 2016-12-14 06:36 - 00000000 ____D C:\Users\db\AppData\Local\MicrosoftEdge
2016-12-13 19:51 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 19:51 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 19:51 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 19:51 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 19:51 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:51 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 19:51 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 19:51 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 19:51 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:51 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 19:51 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:51 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 19:51 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 19:51 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 19:51 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 19:50 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 19:50 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 19:50 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 19:50 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 19:50 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 19:50 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 19:50 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 19:50 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 19:50 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 19:50 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 19:50 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 19:50 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 19:50 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:50 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 19:50 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 19:50 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 19:50 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 19:50 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 19:50 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 19:50 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 19:50 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 19:50 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 19:50 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 19:50 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:50 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-12 18:59 - 2016-12-23 12:20 - 00000000 ____D C:\WINDOWS\system32\log
2016-12-12 18:59 - 2016-12-12 20:14 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-12-12 18:59 - 2016-12-12 18:59 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-12-10 19:54 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 19:54 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 19:54 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 19:54 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 19:54 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 19:54 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 19:54 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 19:54 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 19:54 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 19:54 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 19:54 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 19:54 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 19:54 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 19:54 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 19:54 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 19:54 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 19:54 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 19:54 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 19:54 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 19:54 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 19:54 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 19:54 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 19:54 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 19:54 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 19:54 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 19:54 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 19:54 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 19:54 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 19:54 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 19:53 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 19:53 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 19:53 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 19:53 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 19:53 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 19:53 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 19:53 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 19:53 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 19:53 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 19:53 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 19:53 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 19:53 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-12-10 19:53 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 19:53 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 19:53 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 19:53 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 19:53 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 19:53 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 19:53 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 19:53 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:53 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 20:05 - 2016-12-09 20:05 - 00000374 _____ C:\WINDOWS\SysWOW64\data.bin
2016-11-26 11:50 - 2016-12-23 12:08 - 00000000 __SHD C:\Users\db\AppData\Local\svchost
2016-11-26 11:50 - 2016-11-26 12:10 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-11-26 11:50 - 2016-11-09 15:55 - 00778752 _____ C:\WINDOWS\system32\chtbrkg.dll
2016-11-26 11:50 - 2016-11-09 15:55 - 00590848 _____ C:\WINDOWS\SysWOW64\chtbrkg.dll
2016-11-26 11:10 - 2016-11-26 11:10 - 00006106 _____ C:\WINDOWS\System32\Tasks\Hfodompherzuward Manager
2016-11-26 11:09 - 2016-11-26 11:09 - 00000000 ____D C:\Users\db\AppData\Local\Reasward
2016-11-26 11:08 - 2016-11-26 11:08 - 00000000 _____ C:\TOSTACK
2016-11-23 16:25 - 2016-11-23 16:25 - 00000013 _____ C:\Users\db\Desktop\Post NL.txt
2016-11-23 12:32 - 2016-11-23 12:32 - 00000000 _____ C:\autoexec.bat
2016-11-23 12:21 - 2016-12-10 15:39 - 00002121 _____ C:\Users\db\Desktop\Skype.lnk
2016-11-23 11:49 - 2016-12-22 12:24 - 00000000 ____D C:\Users\db\AppData\Roaming\Skype
2016-11-23 11:49 - 2016-11-23 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-23 14:03 - 2016-10-29 16:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-23 14:02 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-12-23 13:59 - 2016-06-18 12:47 - 00000000 ____D C:\Users\db\AppData\Local\ClassicShell
2016-12-23 13:04 - 2014-01-12 06:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-23 12:58 - 2014-04-17 10:49 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-23 12:58 - 2014-04-17 10:49 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-23 12:58 - 2014-04-17 10:49 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-23 12:56 - 2016-07-16 23:51 - 01720220 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-23 12:56 - 2016-07-16 23:51 - 00430242 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-23 12:56 - 2016-06-18 12:14 - 03713956 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-23 12:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-23 12:21 - 2016-10-29 16:15 - 00345480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-23 09:49 - 2014-01-12 20:15 - 00000000 ____D C:\Users\db\AppData\Local\JDownloader 2.0
2016-12-23 00:04 - 2014-04-17 10:49 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-22 18:15 - 2014-03-17 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet und Sicherheit
2016-12-22 18:15 - 2014-01-12 12:22 - 00000000 ____D C:\Users\db\Desktop\Programme
2016-12-22 17:14 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-22 16:39 - 2016-10-29 16:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-22 13:13 - 2016-10-29 16:18 - 00000000 ____D C:\Users\db
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-22 12:49 - 2014-01-12 05:33 - 00000000 ____D C:\Users\db\AppData\Local\Packages
2016-12-22 12:48 - 2014-02-23 15:45 - 00000000 ____D C:\Users\db\AppData\Roaming\vlc
2016-12-22 12:36 - 2014-02-23 15:22 - 00000000 ____D C:\Program Files\VideoLAN
2016-12-22 11:52 - 2015-01-02 18:15 - 00000000 ____D C:\Program Files\WinRAR
2016-12-22 11:07 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-18 18:32 - 2014-01-22 19:02 - 00000000 ____D C:\Users\db\AppData\Local\Microsoft Help
2016-12-17 22:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 14:06 - 2016-10-29 16:18 - 03407872 ____H C:\Users\db\NTUSER.bak
2016-12-16 19:53 - 2016-01-28 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-16 19:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 20:17 - 2014-12-04 12:44 - 00000000 ____D C:\Users\db\AppData\Local\ElevatedDiagnostics
2016-12-14 19:36 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 07:11 - 2014-01-12 13:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 06:57 - 2014-01-22 19:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-14 06:49 - 2014-01-12 13:58 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 06:36 - 2014-10-01 20:58 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2016-12-14 06:36 - 2014-02-22 18:38 - 00000000 ____D C:\Users\db\Documents\My Games
2016-12-12 22:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-12-12 18:55 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:14 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 15:39 - 2016-10-29 16:23 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-10 15:39 - 2016-10-02 07:03 - 00002378 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-10 15:39 - 2016-04-24 20:51 - 00000718 _____ C:\Users\db\Desktop\Ausbildung Sozifa.lnk
2016-12-10 15:39 - 2016-03-30 11:29 - 00001051 _____ C:\Users\db\Desktop\F! Manager.lnk
2016-12-10 15:39 - 2016-03-25 10:21 - 00001092 _____ C:\Users\db\Desktop\Dungeon.lnk
2016-12-10 15:39 - 2016-03-01 22:47 - 00001004 _____ C:\Users\db\Desktop\Core Temp.lnk
2016-12-10 15:39 - 2015-06-16 03:56 - 00001085 _____ C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2016-12-10 15:39 - 2015-02-15 21:25 - 00000295 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2016-12-10 15:39 - 2014-07-10 00:55 - 00001043 _____ C:\Users\Public\Desktop\123 Free Solitaire.lnk
2016-12-10 15:39 - 2014-01-22 22:01 - 00001484 _____ C:\Users\db\Desktop\Music.lnk
2016-12-10 15:39 - 2014-01-13 00:51 - 00001449 _____ C:\Users\db\Desktop\Anstoss3.lnk
2016-12-10 15:39 - 2014-01-12 21:04 - 00002163 _____ C:\Users\db\Desktop\JDownloader 2.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000781 _____ C:\Users\db\Desktop\heruntergeladene Programme.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000725 _____ C:\Users\db\Desktop\Studium Geschichte.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000662 _____ C:\Users\db\Desktop\sonstiges.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000676 _____ C:\Users\db\Desktop\Downloads 1.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000639 _____ C:\Users\db\Desktop\Bilder.lnk
2016-12-10 15:39 - 2014-01-12 06:15 - 00001019 _____ C:\Users\Public\Desktop\AMP WinOFF.lnk
2016-12-10 15:39 - 2014-01-12 05:34 - 00000424 _____ C:\Users\db\Desktop\Arbeitsplatz.lnk
2016-12-09 19:57 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 15:52 - 2013-08-22 16:44 - 00389408 __RSH C:\bootmgr
2016-12-05 21:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-12-05 21:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-11-26 18:38 - 2014-08-21 18:34 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2016-11-26 18:38 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-11-26 18:15 - 2016-04-04 16:49 - 00000000 ____D C:\Program Files\Intel
2016-11-26 16:57 - 2016-03-01 23:30 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-11-26 11:12 - 2014-01-14 14:13 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2016-11-26 11:12 - 2014-01-12 20:33 - 00000000 ____D C:\Program Files (x86)\ANSTOSS 3
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-26 11:11 - 2016-07-04 17:11 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-11-26 11:11 - 2015-10-10 14:11 - 00000000 ____D C:\Program Files (x86)\PDF24
2016-11-26 11:11 - 2015-09-06 13:11 - 00000000 ____D C:\Program Files (x86)\TSR Soft
2016-11-26 11:11 - 2015-06-16 03:56 - 00000000 ____D C:\Program Files (x86)\D-Fend Reloaded
2016-11-26 11:11 - 2015-06-15 18:11 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2016-11-26 11:11 - 2015-04-03 08:58 - 00000000 ____D C:\Program Files (x86)\Airline Tycoon - Deluxe
2016-11-26 11:11 - 2015-01-27 12:23 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-11-26 11:11 - 2014-11-26 19:31 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-11-26 11:11 - 2014-09-26 16:58 - 00000000 ____D C:\Program Files (x86)\Telestar
2016-11-26 11:11 - 2014-07-10 00:55 - 00000000 ____D C:\Program Files (x86)\123 Free Solitaire
2016-11-26 11:11 - 2014-06-11 15:03 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-11-26 11:11 - 2014-04-17 10:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-26 11:11 - 2014-03-25 15:08 - 00000000 ____D C:\Program Files (x86)\KWorld Multimedia
2016-11-26 11:11 - 2014-03-21 12:28 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2016-11-26 11:11 - 2014-03-20 18:14 - 00000000 ____D C:\Program Files (x86)\JAM Software
2016-11-26 11:11 - 2014-02-23 15:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-11-26 11:11 - 2014-02-21 18:07 - 00000000 ____D C:\Program Files (x86)\Valve
2016-11-26 11:11 - 2014-01-29 13:45 - 00000000 ____D C:\Program Files (x86)\Breakaway
2016-11-26 11:11 - 2014-01-23 20:31 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-11-26 11:11 - 2014-01-22 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-26 11:11 - 2014-01-18 14:08 - 00000000 ____D C:\Program Files (x86)\Sparhandy Modem
2016-11-26 11:11 - 2014-01-12 06:19 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-26 11:11 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\AMP WinOFF
2016-11-26 11:11 - 2014-01-12 06:11 - 00000000 ____D C:\Program Files (x86)\MozBackup
2016-11-26 11:11 - 2014-01-12 06:09 - 00000000 ____D C:\Program Files (x86)\Nero
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-23 15:38 - 2016-08-23 05:53 - 00000000 ____D C:\Users\db\AppData\Local\Video4you
2016-11-23 13:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-11-23 10:54 - 2014-03-17 18:38 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arbeitsprogramme
2016-11-23 09:47 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-23 09:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SystemApps

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-18 01:41 - 2015-06-16 03:52 - 0000346 ___SH () C:\Users\db\AppData\Local\70149b02515b3bb20dd492.47983420
2016-03-20 17:02 - 2016-03-20 17:02 - 0000001 _____ () C:\Users\db\AppData\Local\llftool.4.40.agreement
2016-08-05 11:03 - 2016-08-05 11:03 - 0001932 _____ () C:\Users\db\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\db\AppData\Local\Temp\gkey.exe
C:\Users\db\AppData\Local\Temp\mininewsrepair.exe
C:\Users\db\AppData\Local\Temp\onOneWait.exe
C:\Users\db\AppData\Local\Temp\pkeyui.exe
C:\Users\db\AppData\Local\Temp\proxy_vole1461617056502777009.dll
C:\Users\db\AppData\Local\Temp\proxy_vole1937358435370225386.dll
C:\Users\db\AppData\Local\Temp\softconfig.dll
C:\Users\db\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-14 06:49

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-12-2016
durchgeführt von db (23-12-2016 14:05:07)
Gestartet von D:\heruntergeladene Programme\Antivirusprogramme
Windows 10 Pro Version 1607 (X64) (2016-10-29 15:28:11)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2865356430-1766797703-3585162535-500 - Administrator - Disabled)
db (S-1-5-21-2865356430-1766797703-3585162535-1001 - Administrator - Enabled) => C:\Users\db
DefaultAccount (S-1-5-21-2865356430-1766797703-3585162535-503 - Limited - Disabled)
Gast (S-1-5-21-2865356430-1766797703-3585162535-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Airline Tycoon - Deluxe (HKLM-x32\...\Airline Tycoon - Deluxe) (Version:  - Spellbound Entertainment AG)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMP WinOFF 5.0.1 (HKLM-x32\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
D-Fend Reloaded 1.4.2 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.2 - Alexander Herzog)
EPSON BX300F Series Printer Uninstall (HKLM\...\EPSON BX300F Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.20.00.858 - Huawei Technologies Co.,Ltd)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5901 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06A7254F-59F3-4968-B748-A932F2897FBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0AB6B009-7DBF-426E-9578-CB671A7BAAB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0AEA29F8-65A6-46EF-95E6-7FE2D1362BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0AEFA67C-250A-4CF6-BE90-87AACA791AF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {0CDFFD09-FDAE-4002-8589-E6B03A623286} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {0D5260B3-58B0-49AC-89B7-195D7DF1E783} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0F3C25D8-8FA6-4E4D-A028-0215E2E799D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13AB359D-4D1D-4581-A999-84566CDB9E35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {194E8F57-194A-4DA4-BB0E-27C79F59CC4D} - System32\Tasks\Hfodompherzuward Manager => C:\Program Files (x86)\Serlingplsuing\varise.exe
Task: {1B13BC78-82C4-4B14-BF20-C1E4DDD17DC7} - System32\Tasks\{ED3DEA28-263B-4849-AD42-442E4E240903} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {1EA73746-34FE-4FE0-A07B-2FD4F7F44DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {2454F47A-A5FC-4223-BC7B-824C5440788C} - System32\Tasks\{1BC10A7A-E47A-4D51-BD6F-71E275B9D006} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {2566AA22-6F1B-40CF-B16A-94EB37BB6F47} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {2E78B88E-2F42-4529-8286-2902DC993395} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34FA9A2C-6C92-415E-ABCE-828CE00479D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3730C43B-1868-462C-B00D-A2793CCD5CC2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3BBF2C0B-A3FC-4259-8F9A-1AB8E384E466} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {3F034658-1B6E-4A94-9350-D103B77B541A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3F5C17E2-0992-41FA-AF83-2C31A45AA512} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {436E6C34-F7A8-43BA-B84C-5430F8AE0EDE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {46355976-A45A-4DEF-80ED-2A10AF3E669F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4891C0AF-9830-49E5-9272-721F8DCE13FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {4D3846F9-2377-4BF8-9335-BA5F337877F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53AAAD09-0874-4310-AB3E-E0D9ECF24D1B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5E7822EA-E5F4-48A3-94C8-2D8324A39BB3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {66A0B4A0-1F70-40E0-95DA-2077B53F523D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6C944835-49CB-4067-A329-93F83C7178F3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {6EBA4820-091E-44EF-B766-B3B459D86E57} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {71111D05-B70F-4968-95D7-9233E2575526} - System32\Tasks\{13CF39C7-1E82-40A0-AB33-F8A1074CE36D} => pcalua.exe -a C:\UT2004\System\Setup.exe -d C:\UT2004\System -c uninstall "UT2004"
Task: {7C09F44F-961E-4674-B8B6-A5FEA826D61F} - \WPD\SqmUpload_S-1-5-21-2865356430-1766797703-3585162535-1001 -> Keine Datei <==== ACHTUNG
Task: {81DB740A-FAE3-43FD-91AB-C95D2BEBCCC7} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {91C0991C-9E6A-49D6-A1D4-C30ABC030E58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9543497F-AF18-46B1-A9CF-2EAE531999E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {97BEE186-07E7-4B9E-89FA-0330B3499536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A9BDE5B3-2260-4238-8A45-16F52CDD028E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {ABEB7469-3657-4409-8957-4FC0DACFB05B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0C2DD2B-9C43-4349-834D-0F68F9B1CA5B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B90AB521-FB73-403A-A6B9-9103C85B8CB3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B9D938EF-4D34-4AE5-8CDE-456A1F98B022} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF22CBA3-F4D0-4791-A4B7-FC4C5AF0BDF0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {C1364F06-9243-4244-B49E-B4893C55A2BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C4BA3D3C-E832-41FA-8F9A-9FE02DFD5A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C969B2A2-2115-49A2-BBD1-EB52A29845DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CE460513-80E6-49BF-9A73-986389515D06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D334B8AE-B700-4951-9118-159328ECBAD2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DF9730D3-0190-45D3-9028-2F5EE0E3083E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EA204623-908C-4208-BE97-6334C67693CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {ED75BD0B-9BDC-4BB9-BCA3-2E2FC7EAE788} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F7D64D7D-6860-4F05-AB8F-BDD62B076F7C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F9D110F7-064E-4360-9F6F-D6A8AF2AC8A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\db\Desktop\F! Manager.lnk -> D:\Downloads 1\F1Manager\START.bat ()
Shortcut: C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele\Blue Byte\Die Siedler IV\Blue Byte Game Channel.lnk -> hxxp://www.bluebyte.net/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-02-21 21:44 - 2014-12-06 02:02 - 00107832 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe
2014-02-21 21:44 - 2014-12-06 02:01 - 00066872 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-29 16:30 - 2016-10-29 16:30 - 01864384 _____ () C:\Users\db\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-29 17:11 - 2016-10-29 17:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2000-02-14 12:38 - 2000-02-14 11:38 - 00159744 _____ () C:\Program Files (x86)\ANSTOSS 3\Archiver.dll
2000-01-25 11:33 - 2000-01-25 11:33 - 00118784 _____ () C:\Program Files (x86)\ANSTOSS 3\VTO.dll
2000-02-16 15:33 - 2000-12-07 13:58 - 00802816 _____ () C:\Program Files (x86)\ANSTOSS 3\activesim.dll
2000-01-24 16:30 - 2000-03-07 14:14 - 00393216 _____ () C:\Program Files (x86)\ANSTOSS 3\SSFX.dll
2000-02-03 14:28 - 2000-02-16 13:56 - 00102400 _____ () C:\Program Files (x86)\ANSTOSS 3\AIM.dll
2000-02-14 09:29 - 2000-06-13 09:07 - 00622646 _____ () C:\Program Files (x86)\ANSTOSS 3\d3d_dll.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\db\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "EPSON Stylus Office BX300F"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{014DF778-9A0B-4A9D-881C-537C17DCAAE4}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{7FDE83D3-11B7-4D4B-B335-56403F7B2DD8}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0E4A56FA-955C-4330-883B-B1607E6FA733}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{601A22F8-6E9A-4575-9FC5-6DEE1D4971D2}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{64F2A352-A960-46FA-B313-F4E936D874BE}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CFBE1B6D-B1CD-4471-A8EC-11A098B89754}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6C1135A9-AFD2-47A0-A2FD-0C75895D5F20}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5206996-B1ED-40CF-9509-3BDD0522981F}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF24AF9E-F8BF-49BD-BFBB-B5B5F21D2D49}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3488443A-FE54-4DFE-AD00-2A7BEA0F955F}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{934B94D4-EE6C-4936-94EE-1CD317E382BF}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8CCC3458-3CA2-4AFB-85BE-0602DDA7CA93}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0079C627-51B6-4178-8F81-A07BAE786BBD}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{40EE72F9-E40D-4D84-8776-5E103EA9F762}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8ACE0E43-AE05-4D01-A20F-6D139E969FA3}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3D03CF39-629D-4847-8B37-EC6D612BA4D5}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6EC1A918-2C6C-4757-A7F2-D1208923B223}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2EA2EF77-1347-4595-8C09-7DC22D18919A}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{B3CF27DE-9720-4603-8C41-6ED088A48264}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [UDP Query User{69E858C0-6B85-47C3-9074-0292F385A6D7}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [{253034A2-3C02-414A-BB3C-0634D23E4D1C}] => LPort=80
FirewallRules: [{B2EC26D2-E0B1-46AF-B990-16F98BB17653}] => LPort=443
FirewallRules: [{3D4B0D62-326B-4D57-A6DA-278D4A6F6688}] => LPort=20010
FirewallRules: [{A880EC3B-22AF-4F2B-9714-3C85C973D3D2}] => LPort=3478
FirewallRules: [{951B7EDD-ED2E-4405-B16F-D9D2923A787C}] => LPort=7850
FirewallRules: [{6CF1E03F-5F7A-4CA1-8D9F-E3726C889122}] => LPort=7852
FirewallRules: [{1D0B4EEC-3172-4167-A454-011B17867B41}] => LPort=7853
FirewallRules: [{F115EE06-A299-4C21-B7F1-575E1AB70798}] => LPort=27022
FirewallRules: [{6A77E5F4-BEF0-4B82-A9CF-320AC72BA6D4}] => LPort=6881
FirewallRules: [{132D4B2B-3CDF-43BF-93AA-C7E33E537AF4}] => LPort=33333
FirewallRules: [{684C5A27-CEC3-490D-97C7-7B907746B871}] => LPort=20443
FirewallRules: [{CBC8C096-2C19-4B1D-AA71-1909130CABF9}] => LPort=8090
FirewallRules: [TCP Query User{A507A371-5BF0-4A78-A2F2-FA9A72719B29}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [UDP Query User{9AEAE644-063C-45CC-9528-FE3D512E22DF}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [{DA433F71-62F0-49C4-8663-4D43558951FA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{568DD947-A74A-4266-A099-6C7FBE491A0A}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8C71E734-7651-4CF1-8682-1671AD6595FC}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B0E30C76-C0C7-49E1-B137-DD67636A5C4D}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [UDP Query User{3C8820C5-D8E1-42A8-B397-52D01B5F8B18}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2BFF209A-BA93-4357-BCC1-120D0C12A121}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C925960E-5025-4319-B251-04F930A2A28C}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F30AF08D-D92C-48C6-B170-70BB85DE65F0}] => C:\Users\db\AppData\Local\Temp\is-7V9CD.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{39E1D2A5-5990-4CCD-BB6D-971F4180DE90}] => LPort=1688
FirewallRules: [{E1C81A22-33CD-4CA2-A2DD-3FEAEF232B8E}] => LPort=1688
FirewallRules: [{212EB54C-3E17-4B80-BC16-1119E69CA757}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC6CFF15-4107-4F62-B1C9-73398426599E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5120A1FC-2DBA-4328-841F-795966F9F2F1}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

23-12-2016 12:24:06 Avira System Speedup Optimierung
23-12-2016 12:25:24 JRT Pre-Junkware Removal
23-12-2016 12:34:31 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB 2.0 Camera
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/23/2016 01:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Name des fehlerhaften Moduls: apphelp.dll, Version: 10.0.14393.0, Zeitstempel: 0x57898eeb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00053f42
ID des fehlerhaften Prozesses: 0x1968
Startzeit der fehlerhaften Anwendung: 0x01d25d140e4c53c5
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ANSTOSS 3\anstoss3.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\apphelp.dll
Berichtskennung: 039cf60b-eeac-41ce-9c89-5ed0c27ff57b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/23/2016 12:34:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:25:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:24:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Das Zusammenstellen der Leistungsindikatorendaten vom Dienst "Outlook" wurde deaktiviert, da mindestens ein Fehler von der Leistungsindikatorenbibliothek für diesen Dienst verursacht wurde. Die Fehler, die diese Aktion erzwungen haben, wurden in das Ereignisprotokoll der Anwendung geschrieben. Die Fehler müssen behoben werden, bevor die Leistungsindikatoren für diesen Dienst aktiviert werden.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows kann die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren "Outlook" in einer 32-Bit-Umgebung nicht öffnen. Wenden Sie sich an den Hersteller der Datei, um eine 64-Bit-Version zu erhalten. Sie können aber auch die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren öffnen, indem Sie die 64-Bit-Version der Leistungsüberwachung verwenden. Öffnen Sie den Ordner "Windows", öffnen Sie den Ordner "Syswow64", und starten Sie "Perfmon.exe", um dieses Programm zu verwenden.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/22/2016 02:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x590
Startzeit der fehlerhaften Anwendung: 0x01d25c57e4d9bf39
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: 703f6125-8104-441f-bf85-a371f49de8de
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/22/2016 02:25:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.173.0, Zeitstempel: 0x56e065b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x157c
Startzeit der fehlerhaften Anwendung: 0x01d25c56ddb524d0
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Berichtskennung: 8b6c15d5-362e-4cf2-8e9e-4cdc9e1d3fcf
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (12/23/2016 02:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/23/2016 02:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. RunOuc erreicht.

Error: (12/23/2016 02:05:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Juqokchukity" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.

Error: (12/23/2016 02:05:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HWDeviceService64.exe" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (12/23/2016 02:03:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/23/2016 02:03:06 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: RISD0001

Error: (12/23/2016 02:02:53 PM) (Source: DCOM) (EventID: 10010) (User: Sonydb)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/23/2016 02:01:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/23/2016 02:01:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (12/23/2016 02:01:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Juqokchukity" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


CodeIntegrity:
===================================
  Date: 2016-12-22 11:38:25.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 11:38:25.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:57.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:56.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 5998.09 MB
Verfügbarer physikalischer RAM: 4916.61 MB
Summe virtueller Speicher: 12398.09 MB
Verfügbarer virtueller Speicher: 11411.44 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.8 GB) (Free:51.6 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:204.16 GB) NTFS
Drive h: () (Removable) (Total:29.8 GB) (Free:25.73 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: EC22E958)
Partition 1: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0FC8EF90)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 05CF5B9E)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

magdeburger 24.12.2016 09:08
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
durchgeführt von db (Administrator) auf SONYDB (24-12-2016 09:05:42)
Gestartet von D:\heruntergeladene Programme\Antivirusprogramme
Geladene Profile: db (Verfügbare Profile: db)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [EPSON Stylus Office BX300F] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE [221696 2008-01-22] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\MountPoints2: {993b80d7-a4a9-11e4-833a-0024bebd199b} - "E:\autorun.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{bf3a2940-db0d-47e1-8c05-cc90ab7858d4}: [DhcpNameServer] 192.168.2.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2865356430-1766797703-3585162535-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 [2016-12-24]
FF Homepage: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159 -> ist aktiviert.
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\elemhidehelper@adblockplus.org.xpi [2016-11-26]
FF Extension: (Adblock Plus) - C:\Users\db\AppData\Roaming\Mozilla\Firefox\Profiles\mb9a2erg.default-1482084049159\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-18] (SUPERAntiSpyware.com)
R2 FoxitReaderService; C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2014-01-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-12-06] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-12-06] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 Sparhandy_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AlcatelOTnet; C:\WINDOWS\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [Datei ist nicht signiert]
U5 iaStor; C:\Windows\System32\Drivers\iaStor.sys [537112 2009-11-20] (Intel Corporation)
S3 jrdusbser; C:\WINDOWS\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-23] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-23] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
U5 nusb3xhc; C:\Windows\System32\Drivers\nusb3xhc.sys [226696 2012-08-27] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-23 10:08 - 2016-12-23 10:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-12-23 10:04 - 2016-12-23 10:04 - 00000000 ____D C:\Users\db\AppData\Local\Avira
2016-12-22 18:19 - 2016-12-22 18:20 - 00214978 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_18.19.11_log.txt
2016-12-22 17:29 - 2016-12-22 17:29 - 00000000 _____ C:\Users\db\Desktop\chuck 30min.txt
2016-12-22 17:26 - 2016-12-22 17:27 - 00077842 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_17.26.27_log.txt
2016-12-22 17:15 - 2016-12-22 17:17 - 00147144 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_17.15.06_log.txt
2016-12-22 17:05 - 2016-12-22 17:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-22 17:02 - 2016-12-22 17:02 - 16563352 _____ (Malwarebytes Corp.) C:\Users\db\Downloads\mbar-1.09.3.1001.exe
2016-12-22 15:14 - 2016-12-22 15:14 - 00000000 ____D C:\ProgramData\USOShared
2016-12-22 15:14 - 2016-12-22 15:14 - 00000000 ____D C:\ProgramData\USOPrivate
2016-12-22 14:35 - 2016-12-22 14:35 - 00000000 _____ C:\Users\db\Desktop\Codes.txt
2016-12-22 13:39 - 2016-12-24 09:05 - 00000000 ____D C:\FRST
2016-12-22 13:37 - 2016-12-23 12:37 - 00000543 _____ C:\Users\db\Desktop\JRT.txt
2016-12-22 12:37 - 2016-12-22 12:37 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-22 12:37 - 2016-12-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-22 12:26 - 2016-12-22 12:26 - 00000000 ____D C:\Users\db\AppData\Roaming\WinRAR
2016-12-22 12:11 - 2016-12-23 00:02 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-22 12:10 - 2016-12-22 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-22 12:10 - 2016-12-22 12:10 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-22 12:10 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-22 12:03 - 2016-12-24 09:04 - 00000000 ____D C:\Users\db\AppData\LocalLow\Mozilla
2016-12-22 12:03 - 2016-12-22 12:03 - 00000000 ____D C:\Users\db\Tracing
2016-12-22 12:00 - 2016-12-23 12:57 - 00000000 ____D C:\AdwCleaner
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:52 - 2016-12-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 11:50 - 2016-12-22 11:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-22 11:36 - 2016-12-22 11:36 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-12-22 11:35 - 2016-12-23 12:22 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-22 11:35 - 2016-12-22 11:42 - 00000000 ____D C:\ProgramData\Nero
2016-12-22 11:35 - 2016-12-22 11:35 - 00000000 ____D C:\ProgramData\TreeCardGames
2016-12-22 10:51 - 2016-12-22 10:52 - 41650235 _____ C:\Users\db\Desktop\Firefox 50.1.0 (x86 de) - 2016-12-22.pcv
2016-12-18 15:59 - 2016-12-22 12:16 - 00002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 15:59 - 2016-12-22 12:16 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 15:58 - 2016-12-18 16:04 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 15:58 - 2016-12-18 16:04 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 15:58 - 2016-12-18 15:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-17 09:04 - 2016-12-22 11:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2016-12-16 20:45 - 2016-12-23 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 20:45 - 2016-12-22 12:16 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-22 10:27 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-16 20:45 - 2016-12-17 01:30 - 00000000 ____D C:\Users\db\AppData\Local\Mozilla
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\db\AppData\Roaming\Mozilla
2016-12-16 19:38 - 2016-12-18 16:07 - 00000000 ____D C:\Users\db\AppData\Local\Google
2016-12-16 19:38 - 2016-12-16 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-16 19:14 - 2016-12-16 19:15 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-12-14 21:26 - 2016-12-14 21:26 - 00083909 _____ C:\Users\db\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
2016-12-14 20:14 - 2016-12-14 20:18 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-14 06:36 - 2016-12-14 06:36 - 00000000 ____D C:\Users\db\AppData\Local\MicrosoftEdge
2016-12-13 19:51 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 19:51 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 19:51 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 19:51 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 19:51 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 19:51 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:51 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 19:51 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 19:51 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 19:51 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 19:51 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 19:51 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 19:51 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 19:51 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:51 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 19:51 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 19:51 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 19:51 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 19:51 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 19:51 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:51 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 19:51 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 19:51 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 19:51 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 19:51 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 19:51 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 19:51 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 19:50 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 19:50 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 19:50 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 19:50 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 19:50 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 19:50 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 19:50 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 19:50 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 19:50 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 19:50 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 19:50 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 19:50 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 19:50 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 19:50 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 19:50 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 19:50 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 19:50 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 19:50 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 19:50 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 19:50 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 19:50 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 19:50 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 19:50 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 19:50 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 19:50 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 19:50 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 19:50 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 19:50 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 19:50 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 19:50 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 19:50 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 19:50 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 19:50 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 19:50 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 19:50 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 19:50 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 19:50 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 19:50 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-12 18:59 - 2016-12-23 12:20 - 00000000 ____D C:\WINDOWS\system32\log
2016-12-12 18:59 - 2016-12-12 20:14 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-12-12 18:59 - 2016-12-12 18:59 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-12-10 19:54 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 19:54 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 19:54 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 19:54 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 19:54 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 19:54 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 19:54 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 19:54 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 19:54 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 19:54 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 19:54 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 19:54 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 19:54 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 19:54 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 19:54 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 19:54 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 19:54 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 19:54 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 19:54 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 19:54 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 19:54 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 19:54 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 19:54 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 19:54 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 19:54 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 19:54 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 19:54 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 19:54 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 19:54 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 19:54 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 19:54 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 19:54 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 19:54 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 19:54 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 19:54 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 19:54 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 19:54 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 19:54 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 19:54 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 19:54 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 19:54 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 19:54 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 19:54 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 19:54 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 19:54 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 19:54 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 19:54 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 19:54 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 19:54 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 19:54 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 19:54 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 19:54 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 19:54 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 19:54 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 19:54 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 19:54 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 19:54 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 19:54 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 19:54 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 19:54 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 19:54 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 19:54 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 19:54 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 19:54 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 19:54 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 19:54 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 19:54 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 19:54 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 19:54 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 19:54 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 19:54 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 19:54 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 19:54 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 19:54 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 19:54 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 19:54 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 19:54 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 19:54 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 19:54 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 19:54 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 19:54 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 19:53 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 19:53 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 19:53 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 19:53 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 19:53 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 19:53 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 19:53 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 19:53 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 19:53 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 19:53 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 19:53 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 19:53 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 19:53 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 19:53 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 19:53 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 19:53 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 19:53 - 2016-11-11 10:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-12-10 19:53 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 19:53 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 19:53 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 19:53 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 19:53 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 19:53 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 19:53 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 19:53 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 19:53 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 19:53 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 19:53 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 19:53 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 19:53 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 19:53 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 19:53 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 20:05 - 2016-12-09 20:05 - 00000374 _____ C:\WINDOWS\SysWOW64\data.bin
2016-11-26 11:50 - 2016-11-26 12:10 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-11-26 11:50 - 2016-11-09 15:55 - 00778752 _____ C:\WINDOWS\system32\chtbrkg.dll
2016-11-26 11:50 - 2016-11-09 15:55 - 00590848 _____ C:\WINDOWS\SysWOW64\chtbrkg.dll
2016-11-26 11:10 - 2016-11-26 11:10 - 00006106 _____ C:\WINDOWS\System32\Tasks\Hfodompherzuward Manager
2016-11-26 11:09 - 2016-11-26 11:09 - 00000000 ____D C:\Users\db\AppData\Local\Reasward
2016-11-26 11:08 - 2016-11-26 11:08 - 00000000 _____ C:\TOSTACK

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-23 22:57 - 2016-06-18 12:47 - 00000000 ____D C:\Users\db\AppData\Local\ClassicShell
2016-12-23 16:12 - 2016-07-16 23:51 - 01754104 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-23 16:12 - 2016-07-16 23:51 - 00439714 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-23 16:12 - 2016-06-18 12:14 - 03776216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-23 16:07 - 2016-10-29 16:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-23 16:07 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-12-23 13:04 - 2014-01-12 06:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-23 12:58 - 2014-04-17 10:49 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-23 12:58 - 2014-04-17 10:49 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-23 12:58 - 2014-04-17 10:49 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-23 12:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-23 12:21 - 2016-10-29 16:15 - 00345480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-23 09:49 - 2014-01-12 20:15 - 00000000 ____D C:\Users\db\AppData\Local\JDownloader 2.0
2016-12-23 00:04 - 2014-04-17 10:49 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-22 18:15 - 2014-03-17 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet und Sicherheit
2016-12-22 18:15 - 2014-01-12 12:22 - 00000000 ____D C:\Users\db\Desktop\Programme
2016-12-22 17:14 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-22 16:39 - 2016-10-29 16:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-22 13:13 - 2016-10-29 16:18 - 00000000 ____D C:\Users\db
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-22 12:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-22 12:49 - 2014-01-12 05:33 - 00000000 ____D C:\Users\db\AppData\Local\Packages
2016-12-22 12:48 - 2014-02-23 15:45 - 00000000 ____D C:\Users\db\AppData\Roaming\vlc
2016-12-22 12:36 - 2014-02-23 15:22 - 00000000 ____D C:\Program Files\VideoLAN
2016-12-22 12:24 - 2016-11-23 11:49 - 00000000 ____D C:\Users\db\AppData\Roaming\Skype
2016-12-22 11:52 - 2015-01-02 18:15 - 00000000 ____D C:\Program Files\WinRAR
2016-12-22 11:07 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-18 18:32 - 2014-01-22 19:02 - 00000000 ____D C:\Users\db\AppData\Local\Microsoft Help
2016-12-17 22:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 14:06 - 2016-10-29 16:18 - 03407872 ____H C:\Users\db\NTUSER.bak
2016-12-16 19:53 - 2016-01-28 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-16 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-16 19:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 20:17 - 2014-12-04 12:44 - 00000000 ____D C:\Users\db\AppData\Local\ElevatedDiagnostics
2016-12-14 19:36 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 07:11 - 2014-01-12 13:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 06:57 - 2014-01-22 19:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-14 06:49 - 2014-01-12 13:58 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 06:36 - 2014-10-01 20:58 - 00000000 ____D C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2016-12-14 06:36 - 2014-02-22 18:38 - 00000000 ____D C:\Users\db\Documents\My Games
2016-12-12 22:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-12-12 18:55 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:14 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 01:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 01:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 15:39 - 2016-11-23 12:21 - 00002121 _____ C:\Users\db\Desktop\Skype.lnk
2016-12-10 15:39 - 2016-10-29 16:23 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-10 15:39 - 2016-10-02 07:03 - 00002378 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-10 15:39 - 2016-04-24 20:51 - 00000718 _____ C:\Users\db\Desktop\Ausbildung Sozifa.lnk
2016-12-10 15:39 - 2016-03-30 11:29 - 00001051 _____ C:\Users\db\Desktop\F! Manager.lnk
2016-12-10 15:39 - 2016-03-25 10:21 - 00001092 _____ C:\Users\db\Desktop\Dungeon.lnk
2016-12-10 15:39 - 2016-03-01 22:47 - 00001004 _____ C:\Users\db\Desktop\Core Temp.lnk
2016-12-10 15:39 - 2015-06-16 03:56 - 00001085 _____ C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2016-12-10 15:39 - 2015-02-15 21:25 - 00000295 _____ C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2016-12-10 15:39 - 2014-07-10 00:55 - 00001043 _____ C:\Users\Public\Desktop\123 Free Solitaire.lnk
2016-12-10 15:39 - 2014-01-22 22:01 - 00001484 _____ C:\Users\db\Desktop\Music.lnk
2016-12-10 15:39 - 2014-01-13 00:51 - 00001449 _____ C:\Users\db\Desktop\Anstoss3.lnk
2016-12-10 15:39 - 2014-01-12 21:04 - 00002163 _____ C:\Users\db\Desktop\JDownloader 2.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000781 _____ C:\Users\db\Desktop\heruntergeladene Programme.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000725 _____ C:\Users\db\Desktop\Studium Geschichte.lnk
2016-12-10 15:39 - 2014-01-12 13:28 - 00000662 _____ C:\Users\db\Desktop\sonstiges.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000676 _____ C:\Users\db\Desktop\Downloads 1.lnk
2016-12-10 15:39 - 2014-01-12 13:27 - 00000639 _____ C:\Users\db\Desktop\Bilder.lnk
2016-12-10 15:39 - 2014-01-12 06:15 - 00001019 _____ C:\Users\Public\Desktop\AMP WinOFF.lnk
2016-12-10 15:39 - 2014-01-12 05:34 - 00000424 _____ C:\Users\db\Desktop\Arbeitsplatz.lnk
2016-12-09 19:57 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 15:52 - 2013-08-22 16:44 - 00389408 __RSH C:\bootmgr
2016-12-05 21:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-12-05 21:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-11-26 18:38 - 2014-08-21 18:34 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2016-11-26 18:38 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-11-26 18:15 - 2016-04-04 16:49 - 00000000 ____D C:\Program Files\Intel
2016-11-26 16:57 - 2016-03-01 23:30 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-11-26 11:12 - 2014-01-14 14:13 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2016-11-26 11:12 - 2014-01-12 20:33 - 00000000 ____D C:\Program Files (x86)\ANSTOSS 3
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-26 11:11 - 2016-10-29 17:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-26 11:11 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-26 11:11 - 2016-07-04 17:11 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-11-26 11:11 - 2015-10-10 14:11 - 00000000 ____D C:\Program Files (x86)\PDF24
2016-11-26 11:11 - 2015-09-06 13:11 - 00000000 ____D C:\Program Files (x86)\TSR Soft
2016-11-26 11:11 - 2015-06-16 03:56 - 00000000 ____D C:\Program Files (x86)\D-Fend Reloaded
2016-11-26 11:11 - 2015-06-15 18:11 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2016-11-26 11:11 - 2015-04-03 08:58 - 00000000 ____D C:\Program Files (x86)\Airline Tycoon - Deluxe
2016-11-26 11:11 - 2015-01-27 12:23 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-11-26 11:11 - 2014-11-26 19:31 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-11-26 11:11 - 2014-09-26 16:58 - 00000000 ____D C:\Program Files (x86)\Telestar
2016-11-26 11:11 - 2014-07-10 00:55 - 00000000 ____D C:\Program Files (x86)\123 Free Solitaire
2016-11-26 11:11 - 2014-06-11 15:03 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-11-26 11:11 - 2014-04-17 10:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-26 11:11 - 2014-03-25 15:08 - 00000000 ____D C:\Program Files (x86)\KWorld Multimedia
2016-11-26 11:11 - 2014-03-21 12:28 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2016-11-26 11:11 - 2014-03-20 18:14 - 00000000 ____D C:\Program Files (x86)\JAM Software
2016-11-26 11:11 - 2014-02-23 15:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-11-26 11:11 - 2014-02-21 18:07 - 00000000 ____D C:\Program Files (x86)\Valve
2016-11-26 11:11 - 2014-01-29 13:45 - 00000000 ____D C:\Program Files (x86)\Breakaway
2016-11-26 11:11 - 2014-01-23 20:31 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-11-26 11:11 - 2014-01-22 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-26 11:11 - 2014-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-26 11:11 - 2014-01-18 14:08 - 00000000 ____D C:\Program Files (x86)\Sparhandy Modem
2016-11-26 11:11 - 2014-01-12 06:19 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-26 11:11 - 2014-01-12 06:15 - 00000000 ____D C:\Program Files (x86)\AMP WinOFF
2016-11-26 11:11 - 2014-01-12 06:11 - 00000000 ____D C:\Program Files (x86)\MozBackup
2016-11-26 11:11 - 2014-01-12 06:09 - 00000000 ____D C:\Program Files (x86)\Nero
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-26 11:11 - 2014-01-12 05:52 - 00000000 ____D C:\Program Files (x86)\Realtek

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-18 01:41 - 2015-06-16 03:52 - 0000346 ___SH () C:\Users\db\AppData\Local\70149b02515b3bb20dd492.47983420
2016-03-20 17:02 - 2016-03-20 17:02 - 0000001 _____ () C:\Users\db\AppData\Local\llftool.4.40.agreement
2016-08-05 11:03 - 2016-08-05 11:03 - 0001932 _____ () C:\Users\db\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-23 16:56

==================== Ende von FRST.txt ============================


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-12-2016
durchgeführt von db (24-12-2016 09:06:09)
Gestartet von D:\heruntergeladene Programme\Antivirusprogramme
Windows 10 Pro Version 1607 (X64) (2016-10-29 15:28:11)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2865356430-1766797703-3585162535-500 - Administrator - Disabled)
db (S-1-5-21-2865356430-1766797703-3585162535-1001 - Administrator - Enabled) => C:\Users\db
DefaultAccount (S-1-5-21-2865356430-1766797703-3585162535-503 - Limited - Disabled)
Gast (S-1-5-21-2865356430-1766797703-3585162535-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Airline Tycoon - Deluxe (HKLM-x32\...\Airline Tycoon - Deluxe) (Version:  - Spellbound Entertainment AG)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMP WinOFF 5.0.1 (HKLM-x32\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
D-Fend Reloaded 1.4.2 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.2 - Alexander Herzog)
EPSON BX300F Series Printer Uninstall (HKLM\...\EPSON BX300F Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.20.00.858 - Huawei Technologies Co.,Ltd)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5901 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0AB6B009-7DBF-426E-9578-CB671A7BAAB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0AEA29F8-65A6-46EF-95E6-7FE2D1362BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D5260B3-58B0-49AC-89B7-195D7DF1E783} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0F3C25D8-8FA6-4E4D-A028-0215E2E799D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13AB359D-4D1D-4581-A999-84566CDB9E35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {194E8F57-194A-4DA4-BB0E-27C79F59CC4D} - System32\Tasks\Hfodompherzuward Manager => C:\Program Files (x86)\Serlingplsuing\varise.exe
Task: {1B13BC78-82C4-4B14-BF20-C1E4DDD17DC7} - System32\Tasks\{ED3DEA28-263B-4849-AD42-442E4E240903} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {1EA73746-34FE-4FE0-A07B-2FD4F7F44DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {2454F47A-A5FC-4223-BC7B-824C5440788C} - System32\Tasks\{1BC10A7A-E47A-4D51-BD6F-71E275B9D006} => pcalua.exe -a E:\battlefield2.exe -d E:\
Task: {2E78B88E-2F42-4529-8286-2902DC993395} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34FA9A2C-6C92-415E-ABCE-828CE00479D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3730C43B-1868-462C-B00D-A2793CCD5CC2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3F034658-1B6E-4A94-9350-D103B77B541A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3F5C17E2-0992-41FA-AF83-2C31A45AA512} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {436E6C34-F7A8-43BA-B84C-5430F8AE0EDE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {46355976-A45A-4DEF-80ED-2A10AF3E669F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4891C0AF-9830-49E5-9272-721F8DCE13FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {4D3846F9-2377-4BF8-9335-BA5F337877F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53AAAD09-0874-4310-AB3E-E0D9ECF24D1B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5E7822EA-E5F4-48A3-94C8-2D8324A39BB3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {6C944835-49CB-4067-A329-93F83C7178F3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {6EBA4820-091E-44EF-B766-B3B459D86E57} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {71111D05-B70F-4968-95D7-9233E2575526} - System32\Tasks\{13CF39C7-1E82-40A0-AB33-F8A1074CE36D} => pcalua.exe -a C:\UT2004\System\Setup.exe -d C:\UT2004\System -c uninstall "UT2004"
Task: {97BEE186-07E7-4B9E-89FA-0330B3499536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A9BDE5B3-2260-4238-8A45-16F52CDD028E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {ABEB7469-3657-4409-8957-4FC0DACFB05B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0C2DD2B-9C43-4349-834D-0F68F9B1CA5B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B90AB521-FB73-403A-A6B9-9103C85B8CB3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B9D938EF-4D34-4AE5-8CDE-456A1F98B022} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4BA3D3C-E832-41FA-8F9A-9FE02DFD5A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D334B8AE-B700-4951-9118-159328ECBAD2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DF9730D3-0190-45D3-9028-2F5EE0E3083E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED75BD0B-9BDC-4BB9-BCA3-2E2FC7EAE788} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F7D64D7D-6860-4F05-AB8F-BDD62B076F7C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\db\Desktop\F! Manager.lnk -> D:\Downloads 1\F1Manager\START.bat ()
Shortcut: C:\Users\db\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele\Blue Byte\Die Siedler IV\Blue Byte Game Channel.lnk -> hxxp://www.bluebyte.net/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-02-21 21:44 - 2014-12-06 02:01 - 00066872 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2014-02-21 21:44 - 2014-12-06 02:02 - 00107832 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe
2014-01-14 14:14 - 2014-01-14 14:14 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-01-18 14:08 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files (x86)\Sparhandy Modem\BackgroundService\ServiceManager.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 19:51 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-29 16:30 - 2016-10-29 16:30 - 01864384 _____ () C:\Users\db\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-10-29 17:11 - 2016-10-29 17:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 19:50 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-01-14 14:14 - 2014-01-14 14:14 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\db\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-2865356430-1766797703-3585162535-1001\...\StartupApproved\Run: => "EPSON Stylus Office BX300F"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{014DF778-9A0B-4A9D-881C-537C17DCAAE4}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{7FDE83D3-11B7-4D4B-B335-56403F7B2DD8}] => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0E4A56FA-955C-4330-883B-B1607E6FA733}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{601A22F8-6E9A-4575-9FC5-6DEE1D4971D2}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{64F2A352-A960-46FA-B313-F4E936D874BE}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CFBE1B6D-B1CD-4471-A8EC-11A098B89754}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6C1135A9-AFD2-47A0-A2FD-0C75895D5F20}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5206996-B1ED-40CF-9509-3BDD0522981F}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF24AF9E-F8BF-49BD-BFBB-B5B5F21D2D49}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3488443A-FE54-4DFE-AD00-2A7BEA0F955F}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{934B94D4-EE6C-4936-94EE-1CD317E382BF}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8CCC3458-3CA2-4AFB-85BE-0602DDA7CA93}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0079C627-51B6-4178-8F81-A07BAE786BBD}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{40EE72F9-E40D-4D84-8776-5E103EA9F762}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8ACE0E43-AE05-4D01-A20F-6D139E969FA3}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3D03CF39-629D-4847-8B37-EC6D612BA4D5}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6EC1A918-2C6C-4757-A7F2-D1208923B223}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2EA2EF77-1347-4595-8C09-7DC22D18919A}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{B3CF27DE-9720-4603-8C41-6ED088A48264}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [UDP Query User{69E858C0-6B85-47C3-9074-0292F385A6D7}C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe] => C:\program files (x86)\kworld multimedia\hypermedia\liveupdate\liveupdate.exe
FirewallRules: [{253034A2-3C02-414A-BB3C-0634D23E4D1C}] => LPort=80
FirewallRules: [{B2EC26D2-E0B1-46AF-B990-16F98BB17653}] => LPort=443
FirewallRules: [{3D4B0D62-326B-4D57-A6DA-278D4A6F6688}] => LPort=20010
FirewallRules: [{A880EC3B-22AF-4F2B-9714-3C85C973D3D2}] => LPort=3478
FirewallRules: [{951B7EDD-ED2E-4405-B16F-D9D2923A787C}] => LPort=7850
FirewallRules: [{6CF1E03F-5F7A-4CA1-8D9F-E3726C889122}] => LPort=7852
FirewallRules: [{1D0B4EEC-3172-4167-A454-011B17867B41}] => LPort=7853
FirewallRules: [{F115EE06-A299-4C21-B7F1-575E1AB70798}] => LPort=27022
FirewallRules: [{6A77E5F4-BEF0-4B82-A9CF-320AC72BA6D4}] => LPort=6881
FirewallRules: [{132D4B2B-3CDF-43BF-93AA-C7E33E537AF4}] => LPort=33333
FirewallRules: [{684C5A27-CEC3-490D-97C7-7B907746B871}] => LPort=20443
FirewallRules: [{CBC8C096-2C19-4B1D-AA71-1909130CABF9}] => LPort=8090
FirewallRules: [TCP Query User{A507A371-5BF0-4A78-A2F2-FA9A72719B29}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [UDP Query User{9AEAE644-063C-45CC-9528-FE3D512E22DF}C:\program files (x86)\telestar\telestar.exe] => C:\program files (x86)\telestar\telestar.exe
FirewallRules: [{DA433F71-62F0-49C4-8663-4D43558951FA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{568DD947-A74A-4266-A099-6C7FBE491A0A}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8C71E734-7651-4CF1-8682-1671AD6595FC}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B0E30C76-C0C7-49E1-B137-DD67636A5C4D}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [UDP Query User{3C8820C5-D8E1-42A8-B397-52D01B5F8B18}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2BFF209A-BA93-4357-BCC1-120D0C12A121}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C925960E-5025-4319-B251-04F930A2A28C}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F30AF08D-D92C-48C6-B170-70BB85DE65F0}] => C:\Users\db\AppData\Local\Temp\is-7V9CD.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{39E1D2A5-5990-4CCD-BB6D-971F4180DE90}] => LPort=1688
FirewallRules: [{E1C81A22-33CD-4CA2-A2DD-3FEAEF232B8E}] => LPort=1688
FirewallRules: [{212EB54C-3E17-4B80-BC16-1119E69CA757}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC6CFF15-4107-4F62-B1C9-73398426599E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5120A1FC-2DBA-4328-841F-795966F9F2F1}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

23-12-2016 12:24:06 Avira System Speedup Optimierung
23-12-2016 12:25:24 JRT Pre-Junkware Removal
23-12-2016 12:34:31 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB 2.0 Camera
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/23/2016 04:36:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Name des fehlerhaften Moduls: apphelp.dll, Version: 10.0.14393.0, Zeitstempel: 0x57898eeb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00053f42
ID des fehlerhaften Prozesses: 0x810
Startzeit der fehlerhaften Anwendung: 0x01d25d321676a644
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ANSTOSS 3\anstoss3.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\apphelp.dll
Berichtskennung: 1abd2bc8-8a7b-4bd2-8dc1-c00d2b8676ee
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/23/2016 02:08:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x60bad4a1
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0x01d25d1d26f1f7be
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ANSTOSS 3\anstoss3.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: e8fe987b-5e38-480c-91a4-9ef3da99d921
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/23/2016 02:08:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Name des fehlerhaften Moduls: apphelp.dll, Version: 10.0.14393.0, Zeitstempel: 0x57898eeb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00053f42
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0x01d25d1d26f1f7be
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ANSTOSS 3\anstoss3.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\apphelp.dll
Berichtskennung: 813e7762-ea62-441e-9f33-b45e38094db9
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/23/2016 01:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Name des fehlerhaften Moduls: apphelp.dll, Version: 10.0.14393.0, Zeitstempel: 0x57898eeb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00053f42
ID des fehlerhaften Prozesses: 0x1968
Startzeit der fehlerhaften Anwendung: 0x01d25d140e4c53c5
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ANSTOSS 3\anstoss3.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\apphelp.dll
Berichtskennung: 039cf60b-eeac-41ce-9c89-5ed0c27ff57b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/23/2016 12:34:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:25:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:24:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Das Zusammenstellen der Leistungsindikatorendaten vom Dienst "Outlook" wurde deaktiviert, da mindestens ein Fehler von der Leistungsindikatorenbibliothek für diesen Dienst verursacht wurde. Die Fehler, die diese Aktion erzwungen haben, wurden in das Ereignisprotokoll der Anwendung geschrieben. Die Fehler müssen behoben werden, bevor die Leistungsindikatoren für diesen Dienst aktiviert werden.

Error: (12/23/2016 12:22:23 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows kann die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren "Outlook" in einer 32-Bit-Umgebung nicht öffnen. Wenden Sie sich an den Hersteller der Datei, um eine 64-Bit-Version zu erhalten. Sie können aber auch die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren öffnen, indem Sie die 64-Bit-Version der Leistungsüberwachung verwenden. Öffnen Sie den Ordner "Windows", öffnen Sie den Ordner "Syswow64", und starten Sie "Perfmon.exe", um dieses Programm zu verwenden.


Systemfehler:
=============
Error: (12/23/2016 04:09:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/23/2016 04:09:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. RunOuc erreicht.

Error: (12/23/2016 04:07:52 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: RISD0001

Error: (12/23/2016 04:00:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/23/2016 02:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/23/2016 02:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. RunOuc erreicht.

Error: (12/23/2016 02:05:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Juqokchukity" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.

Error: (12/23/2016 02:05:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HWDeviceService64.exe" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (12/23/2016 02:03:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/23/2016 02:03:06 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: RISD0001


CodeIntegrity:
===================================
  Date: 2016-12-22 11:38:25.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 11:38:25.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-16 20:04:34.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-13 06:17:46.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:26:46.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:57.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-12 22:24:56.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 5998.09 MB
Verfügbarer physikalischer RAM: 4948.24 MB
Summe virtueller Speicher: 12398.09 MB
Verfügbarer virtueller Speicher: 11401.64 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.8 GB) (Free:51.99 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:204.16 GB) NTFS
Drive h: () (Removable) (Total:29.8 GB) (Free:25.73 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: EC22E958)
Partition 1: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0FC8EF90)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 05CF5B9E)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

cosinus 24.12.2016 13:38
Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: MBAM

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: ESET

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

magdeburger 24.12.2016 14:35
Ich wünsche dir und deiner Familie und natürlich auch allen anderen Forenmitgliedern ein Frohes Fest!


Wie es ausschaut ist Adware Elex immer noch aktiv und kommt immer wieder wie hier in MBAM





Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 24.12.16
Scan-Zeit: 14:28
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.5.1299
Komponentenversion: 1.0.43
Version des Aktualisierungspakets: 1.0.850
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Sonydb\db

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 404113
Abgelaufene Zeit: 2 Min., 22 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Hfodompherzuward Manager, Keine Aktion durch Benutzer, [1624], [355520],1.0.850
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{194E8F57-194A-4DA4-BB0E-27C79F59CC4D}, Keine Aktion durch Benutzer, [1624], [355513],1.0.850

Registrierungswert: 1
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{194E8F57-194A-4DA4-BB0E-27C79F59CC4D}|PATH, Keine Aktion durch Benutzer, [1624], [355513],1.0.850

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
Adware.Elex, C:\USERS\DB\APPDATA\LOCAL\Reasward, Keine Aktion durch Benutzer, [1624], [355506],1.0.850

Datei: 1
Adware.Elex, C:\WINDOWS\SYSTEM32\TASKS\HFODOMPHERZUWARD MANAGER, Keine Aktion durch Benutzer, [1624], [355521],1.0.850

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)



Code:
Results of screen317's Security Check version 1.009 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
Malwarebytes     
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Mozilla Firefox (50.1.0)
 Google Chrome (55.0.2883.87)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Antivirusprogramme SecurityCheck.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
 Malwarebytes Anti-Malware mbamtray.exe 
 Mobile Partner OnlineUpdate ouc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

cosinus 24.12.2016 18:25
Das waren nur Reste!
Wo ist das ESET Log?

magdeburger 24.12.2016 23:10
Den hatte ich noch durchlaufen lassen und musste dann die Familie zu Heiligabend beglücken:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=58bbc5bdc9fec24ebcbf3655714eaf83
# end=init
# utc_time=2016-12-24 01:31:59
# local_time=2016-12-24 02:31:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 31844
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=58bbc5bdc9fec24ebcbf3655714eaf83
# end=updated
# utc_time=2016-12-24 01:33:50
# local_time=2016-12-24 02:33:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=58bbc5bdc9fec24ebcbf3655714eaf83
# engine=31844
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-12-24 02:25:12
# local_time=2016-12-24 03:25:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4831932 13920128 0 0
# scanned=279390
# found=7
# cleaned=7
# scan_time=3082
sh=415E58D4CA571D5A2D34D1211C13A475DFB58713 ft=1 fh=1e9394735a4c3692 vn="Variante von MSIL/Adware.OxyPumper.P Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\db\AppData\Local\Video4you\vload.exe"
sh=94BAEE5DB9D38F3378E7F9D3D1CC4BC6DFD61B15 ft=1 fh=8eadfcd77052b6ae vn="Variante von Generik.JYLYBOJ evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_zip_res20161222_newmmm[1].exe"
sh=898D5BB64AB5C90EC110ECDE81ADA4DFD209F915 ft=1 fh=dbff32f34346eef3 vn="NSIS/StartPage.CC Trojaner (Gesäubert durch Löschen)" ac=C fn="D:\$RECYCLE.BIN\S-1-5-21-4056392676-1291578613-3646583870-1001\$R5HQJ2U.exe"
sh=B57A8EB194B8CA9690B83C0EA783468CBB405EA4 ft=1 fh=9baf54b09a59a410 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="D:\heruntergeladene Programme\FreeAVIVideoConverter_5.0.20.1031.exe"
sh=5E7DDF5F273B7315BAA527E6B05B0F8AB291ABFE ft=1 fh=0ac5321dd95a0422 vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="D:\heruntergeladene Programme\Unlocker1.9.1-x64.exe"
sh=D9D7AE2D0044FF98FEC83F75073123E74ED2E034 ft=1 fh=4a714ab97e928760 vn="Variante von Win32/RegistryReviver evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="D:\Notebook Treiber\U9200 treiber\Treiber\Driver Reviver 3.1.648\DriverReviverSetup.exe"
sh=32ADC99EF04AC3A9FEE60F17DC9B7D9A3716AD07 ft=0 fh=0000000000000000 vn="LNK/Agent.CH Trojaner (Gesäubert durch Löschen)" ac=C fn="D:\Notebook Treiber\U9200 treiber\Treiber\Patch Driver Reviver\SAZLINA COMP.URL"

cosinus 25.12.2016 13:42
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\db\AppData\Local\Video4you
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE
D:\heruntergeladene Programme\FreeAVIVideoConverter_5.0.20.1031.exe
D:\heruntergeladene Programme\Unlocker1.9.1-x64.exe
D:\Notebook Treiber\U9200 treiber\Treiber\Driver Reviver 3.1.648\DriverReviverSetup.exe
D:\Notebook Treiber\U9200 treiber\Treiber\Patch Driver Reviver\SAZLINA COMP.URL
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Alle Zeitangaben in WEZ +1. Es ist jetzt 08:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131