Hello,
I sincerely apologize. I did not know that...
I ran a new FRST scan, because in the meantime I have run further virus scans and removed malware. Here is the current result:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-02-2016 01
Ran by ES (administrator) on ES-PC (24-02-2016 10:27:57)
Running from C:\Users\ES\Downloads
Loaded Profiles: ES (Available Profiles: ES & UpdatusUser)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14688512 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\WINDOWS\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3531952 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [HP ENVY 4500 series (NET) #2] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{1dc105ae-8e87-4360-af98-5bbd70b5caf2}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{463066ba-d45a-4f4c-8d6d-426a499e0e30}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{4c6fab08-4c81-474e-9dea-1e2ec6279925}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{66490054-2ee0-424b-b4eb-f1c0a080123b}: [DhcpNameServer] 82.163.143.171
Internet Explorer:
==================
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\ES\AppData\Roaming\Mozilla\Firefox\Profiles\yokyqeli.default-1455898717427
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-01-29] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-09-22] [not signed]
FF HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1926896 2016-02-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2015-03-17] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [218784 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-12-05] (Paragon Software Group)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-12-12] (REALiX(tm))
S3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [24848 2011-05-06] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-10-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [26792 2015-12-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2014-07-30] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 10:27 - 2016-02-24 10:28 - 00013947 _____ C:\Users\ES\Downloads\FRST.txt
2016-02-24 10:25 - 2016-02-24 10:27 - 01722368 _____ (Farbar) C:\Users\ES\Downloads\FRST.exe
2016-02-24 10:20 - 2016-02-24 10:20 - 00000000 _____ C:\Users\ES\Downloads\avast_free_antivirus_setup.exe
2016-02-24 10:19 - 2016-02-24 10:20 - 144039550 _____ C:\Users\ES\Downloads\avast_free_antivirus_setup.exe.part
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:06 - 2016-02-23 19:07 - 01511936 _____ C:\Users\ES\Downloads\adwcleaner_5.036.exe
2016-02-23 18:18 - 2016-02-23 19:41 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-23 18:18 - 2016-02-23 18:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2016-02-23 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtremeCopy
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\Program Files\Easersoft
2016-02-23 01:24 - 2016-02-23 01:24 - 00000017 _____ C:\Users\ES\Desktop\Fehler 0x80070570.txt
2016-02-22 23:20 - 2016-02-23 19:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-22 11:48 - 2016-02-22 11:48 - 00000001 _____ C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Program Files\HDDGURU LLF Tool
2016-02-22 11:11 - 2016-02-22 11:11 - 00042764 ____H C:\WINDOWS\TempFDB.fdb
2016-02-22 11:06 - 2016-02-22 11:07 - 00000000 ____D C:\Program Files\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\ConeXware
2016-02-22 00:26 - 2016-02-22 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2014 Free
2016-02-21 23:52 - 2016-02-21 23:54 - 00000000 ____D C:\Users\ES\Desktop\USB
2016-02-20 10:00 - 2016-02-24 10:27 - 00000000 ____D C:\FRST
2016-02-19 23:15 - 2016-02-19 23:15 - 00000000 ____D C:\Users\ES\AppData\Roaming\dlg
2016-02-19 23:13 - 2016-02-23 19:14 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-19 23:13 - 2016-02-20 00:32 - 00000000 ____D C:\Users\ES\AppData\Roaming\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\Users\ES\AppData\Local\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-19 23:12 - 2016-02-20 00:32 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\launcher
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\formatpart
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\explauncher
2016-02-19 18:18 - 2016-02-19 18:18 - 00000000 ____D C:\Program Files\Paragon Software
2016-02-19 18:11 - 2016-02-23 19:06 - 00000000 ____D C:\Users\ES\Viren
2016-02-19 16:22 - 2016-02-24 01:03 - 00000000 ____D C:\ProgramData\f568f502
2016-02-19 16:21 - 2013-12-05 13:34 - 00027464 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2016-02-17 07:20 - 2016-02-17 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-14 01:40 - 2016-02-14 01:40 - 00000228 _____ C:\Users\ES\Desktop\neu mix.txt
2016-02-13 12:48 - 2016-02-13 12:48 - 00002373 _____ C:\Users\ES\Desktop\kü.txt
2016-02-12 19:34 - 2016-02-12 19:34 - 00000000 ____D C:\Users\ES\AppData\Roaming\NVIDIA
2016-02-12 19:32 - 2016-02-24 09:14 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-12 18:57 - 2016-02-12 18:57 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-12 18:56 - 2016-02-12 18:56 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-02-12 18:56 - 2016-02-12 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 18:13 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 05798240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 01560848 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 18:13 - 2016-01-27 07:15 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 18:13 - 2016-01-27 07:12 - 00279376 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 18:13 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 18:13 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 18:13 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 18:13 - 2016-01-27 06:47 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 18:13 - 2016-01-27 06:47 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 18:13 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 18:13 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 18:13 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 18:13 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 18:13 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 18:13 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 18:13 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 18:13 - 2016-01-27 05:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 18:13 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 18:13 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 18:13 - 2016-01-27 05:52 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 18:13 - 2016-01-27 05:51 - 01903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-05 13:24 - 2016-02-05 13:24 - 00051480 _____ C:\Users\ES\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 10:17 - 2016-02-01 10:57 - 00000000 ____D C:\Users\ES\Documents\My Music
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\Public\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\ES\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TuneClone
2016-01-31 23:42 - 2016-01-31 23:42 - 00000000 ____D C:\Users\ES\AppData\Local\Apple Computer
2016-01-31 23:38 - 2016-02-01 13:00 - 00000000 ____D C:\Users\ES\AppData\Roaming\Anvsoft
2016-01-31 23:38 - 2016-01-31 23:38 - 00000000 ____D C:\Users\ES\Documents\Any Audio Converter
2016-01-31 23:05 - 2016-02-01 09:52 - 00000000 ____D C:\Users\ES\AppData\Roaming\Apple Computer
2016-01-31 23:02 - 2016-01-31 23:02 - 00000000 ____D C:\Users\ES\AppData\Local\Apple
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\Users\ES\AppData\LocalLow\Apple Computer
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\ProgramData\Apple
2016-01-31 22:31 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TEMP
2016-01-31 22:30 - 2011-05-06 23:29 - 00024848 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\lmvac.sys
2016-01-31 20:09 - 2016-02-07 22:10 - 00004608 _____ C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-31 18:57 - 2016-01-31 18:59 - 00000000 ____D C:\Users\ES\Documents\PA
2016-01-31 16:50 - 2016-01-31 16:50 - 00000000 ____D C:\Users\ES\AppData\Local\ElevatedDiagnostics
2016-01-31 14:58 - 2016-01-31 14:58 - 00000000 ____D C:\Users\ES\AppData\Roaming\Flo & Seb Engineering
2016-01-31 14:57 - 2016-02-23 19:40 - 00001038 _____ C:\Users\ES\Desktop\Kochbuch.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kochbuch
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\Program Files\Kochbuch
2016-01-31 14:49 - 2016-02-20 00:02 - 00000000 ____D C:\searchplugins
2016-01-28 09:25 - 2016-01-16 07:35 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 09:25 - 2016-01-16 07:33 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 09:25 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 09:25 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 09:25 - 2016-01-16 07:17 - 01300016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 09:25 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 09:25 - 2016-01-16 07:04 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 09:25 - 2016-01-16 07:03 - 00364168 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 09:25 - 2016-01-16 06:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 09:25 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 09:25 - 2016-01-16 06:35 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 09:25 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 09:25 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 09:25 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 09:25 - 2016-01-16 06:30 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 09:25 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 09:25 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 09:25 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 09:25 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 09:25 - 2016-01-16 06:22 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 09:25 - 2016-01-16 06:22 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 09:25 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 01552896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00176128 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 09:25 - 2016-01-16 06:17 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 09:25 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 09:25 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 09:25 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 09:24 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 09:24 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 09:24 - 2016-01-16 06:31 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 09:24 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 09:24 - 2016-01-16 06:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-25 03:21 - 2016-01-25 03:21 - 00984682 _____ C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 10:13 - 2015-09-06 21:17 - 00001190 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-24 10:12 - 2015-12-10 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-24 10:12 - 2015-10-30 06:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-24 10:10 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-24 09:55 - 2015-12-01 11:12 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-24 09:36 - 2015-09-06 21:17 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-23 20:15 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\rescache
2016-02-23 19:41 - 2016-01-22 18:06 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-02-23 19:41 - 2016-01-17 22:10 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-23 19:41 - 2015-12-10 14:26 - 00001487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-23 19:41 - 2015-09-26 08:22 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-02-23 19:41 - 2015-09-06 21:14 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-23 19:40 - 2016-01-24 00:30 - 00001187 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2016-02-23 19:40 - 2016-01-22 20:04 - 00002413 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-23 19:40 - 2015-11-30 00:00 - 00001640 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 4.0.1.0.lnk
2016-02-23 19:40 - 2015-11-29 18:08 - 00001272 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2016-02-23 19:40 - 2015-11-29 14:07 - 00001051 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-02-23 19:40 - 2015-09-22 13:07 - 00001315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-02-23 19:09 - 2015-09-06 21:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-23 18:26 - 2015-12-03 23:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-23 09:48 - 2015-10-30 06:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-22 22:22 - 2015-11-23 10:20 - 00000000 ____D C:\Users\ES\Desktop\Aktuell
2016-02-22 21:43 - 2015-10-30 06:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 21:41 - 2015-10-30 06:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-22 21:41 - 2015-10-04 09:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-22 21:39 - 2015-09-06 20:34 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-22 11:19 - 2015-10-30 06:47 - 00000000 ____D C:\WINDOWS\INF
2016-02-22 11:13 - 2015-12-10 14:19 - 03095098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-22 11:13 - 2015-12-10 13:56 - 00833460 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-22 11:13 - 2015-12-10 13:56 - 00173692 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00905156 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00199808 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-22 00:45 - 2015-09-06 21:30 - 00000000 ___RD C:\Users\ES\Dropbox
2016-02-22 00:44 - 2015-09-06 21:17 - 00000000 ____D C:\Users\ES\AppData\Local\Dropbox
2016-02-21 23:55 - 2015-12-01 18:24 - 00000000 ____D C:\Users\ES\AppData\Local\CrashDumps
2016-02-19 18:12 - 2015-12-10 14:20 - 00000000 ____D C:\Users\ES
2016-02-19 17:59 - 2015-12-12 22:32 - 00000000 ____D C:\ProgramData\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Users\ES\AppData\Roaming\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Program Files\IObit
2016-02-18 10:05 - 2015-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-02-17 13:11 - 2015-09-22 09:56 - 00000000 ____D C:\Users\ES\AppData\Roaming\MyPhoneExplorer
2016-02-17 07:20 - 2015-09-06 21:17 - 00000000 ____D C:\Program Files\Dropbox
2016-02-12 19:32 - 2016-01-14 14:34 - 00000000 ____D C:\Users\ES\AppData\Local\Adobe
2016-02-12 19:24 - 2015-09-19 20:38 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-12 18:57 - 2016-01-14 01:29 - 00000000 ____D C:\ProgramData\Oracle
2016-02-12 18:56 - 2016-01-14 01:30 - 00000000 ____D C:\Users\ES\.oracle_jre_usage
2016-02-12 18:55 - 2016-01-14 15:28 - 00000000 ____D C:\Program Files\Java
2016-02-11 21:47 - 2015-11-29 14:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 21:43 - 2015-10-30 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:32 - 2015-10-30 06:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 18:32 - 2015-09-06 19:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 18:27 - 2015-09-06 19:39 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 22:23 - 2015-12-05 21:36 - 00000000 ____D C:\Users\ES\Documents\Camtasia Studio
2016-02-04 13:24 - 2015-09-12 17:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-03 20:01 - 2015-10-30 06:49 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-01 13:06 - 2015-11-29 14:03 - 00000000 ____D C:\Users\ES\AppData\Local\Packages
2016-02-01 13:02 - 2015-11-09 16:13 - 00000000 ____D C:\Program Files\QuickTime
2016-02-01 12:58 - 2015-10-30 06:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-01 12:31 - 2016-01-14 14:06 - 00000000 ____D C:\AdwCleaner
2016-01-31 18:54 - 2016-01-23 23:28 - 00000000 ____D C:\Users\ES\AppData\Local\RezeptSuite
2016-01-31 09:52 - 2016-01-22 19:46 - 00000490 __RSH C:\ProgramData\ntuser.pol
2016-01-30 10:11 - 2016-01-18 17:09 - 00000000 ____D C:\Users\ES\Documents\OneNote-Notizbücher
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-29 11:53 - 2015-11-29 14:12 - 00000000 ___RD C:\Users\ES\OneDrive
==================== Files in the root of some directories =======
2016-01-31 20:09 - 2016-02-07 22:10 - 0004608 _____ () C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-22 11:48 - 2016-02-22 11:48 - 0000001 _____ () C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-01-25 03:21 - 2016-01-25 03:21 - 0984682 _____ () C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar
2015-10-11 15:18 - 2015-10-11 15:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-12 22:54 - 2015-12-12 22:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-29 23:59 - 2015-12-21 10:30 - 0019535 _____ () C:\ProgramData\empty.ico
2015-09-22 13:00 - 2015-09-23 23:10 - 0003945 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\ES\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-22 11:30
==================== End of FRST.txt ===========================
And the other file:
FRST Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-02-2016 01
Ran by ES (2016-02-24 10:29:02)
Running from C:\Users\ES\Downloads
Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-10 13:41:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1867245428-2212190316-3825727470-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867245428-2212190316-3825727470-503 - Limited - Disabled)
ES (S-1-5-21-1867245428-2212190316-3825727470-1001 - Administrator - Enabled) => C:\Users\ES
HomeGroupUser$ (S-1-5-21-1867245428-2212190316-3825727470-1002 - Limited - Enabled)
Invitado (S-1-5-21-1867245428-2212190316-3825727470-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1867245428-2212190316-3825727470-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D1500 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Folder Sync addon (HKLM\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ExtremeCopy (HKLM\...\{23D6630B-7538-483B-8B27-6452AE3BA628}) (Version: 1.00.0000 - Easersoft)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
HMA! Pro VPN 2.8.24.0 (HKLM\...\HMA! Pro VPN) (Version: 2.8.24.0 - Privax Ltd)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{DB8B599D-2BD5-493C-ABC1-FEE980129D19}) (Version: 13.0 - HP)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{65314850-703E-4544-91CF-CB62131E28D2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.6.4 (HKLM\...\Kochbuch_is1) (Version: 2.6.4 - Flo & Seb Engineering)
Kylook Sync for Outlook Addin 2.4.4 (HKLM\...\{AD0574C4-BDA0-4AF8-BAC6-323BA548B2BB}) (Version: 2.40.4000 - Kylook GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.0.5895 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Panel de control de NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PowerArchiver 2010 (HKLM\...\{F3B19B7C-0125-4044-85D3-D72364295CCA}) (Version: 11.63.12 - ConeXware, Inc.)
Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D3F7F0-6EDC-46F2-BF67-070AD6658F4A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {030E8311-6141-4C18-B3FD-19AA96B3C2F6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {09185214-E58F-49B3-9718-5F5134B978B7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1CEDCEC5-6356-406E-99CA-E43447122DF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {280C32B4-BC64-472E-AA00-8CF96DE49CC2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29E27BA6-040B-4D47-B63B-04A95A0C6774} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DE35621-6141-4B65-9362-A32D4A79D14A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32D1C905-E04C-410D-A5B2-6E0F3FA4AC8F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {34EAE6F1-88B9-447B-B16C-FA4E63C1698E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C23AA26-3AD0-48E8-85A5-A8AB6FF22E15} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {425AF687-7A73-44DD-95C6-A637144EB522} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {509E797C-58E4-4E09-99CF-B2A6E8BBC481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {581B2914-F4CA-4AC4-98FC-F7ED70A4670A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {5CF7FAC9-43FB-4FB9-92B9-9341FBEB9AC0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {67198D53-CB2C-4631-BFC9-699943CE101E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1867245428-2212190316-3825727470-1001
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77B68C8E-3605-44F1-8372-90CD76D0F92D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {798CFD23-77BC-4700-B066-490F17F815D2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {875B83AE-0693-41EB-8395-0A613C3CE67D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88C2375C-CB6B-4372-B744-70414C6CFCF0} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe
Task: {8D0DE38A-BED6-40F4-B286-4BDE2791DDB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8E99770E-AE9E-4601-B306-CC78E1B06CBC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {977FF5F9-441C-4E07-A9CA-8EC870EC09CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {9CB42367-75C8-424A-A3DA-1FF0DA77ECD0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A5C523DF-266B-4C1E-8205-BDCD611FF094} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0537A83-1E7C-4EF0-B82F-5FE949141574} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C9F769-594B-4FD9-B96C-AC8EA6E24473} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {B8F06183-DCBF-4467-B60E-AC1FFCF49EAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0FF4EC1-E798-4159-8C42-932A65791212} - System32\Tasks\{5A1CB7D9-D066-4A98-B74D-617497213FCE} => pcalua.exe -a "C:\Program Files\HMA! Pro VPN\Uninstall.exe"
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7A4106A-E62F-4E87-A966-872B5EC9BD3B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C97824D2-046A-493F-B3B8-1756DC4271DE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CBE0BED0-D424-4316-9DCC-C98D32BC2708} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {D8111B21-A0CB-46BE-8311-587D3FC7D117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D932F5E0-7387-4773-AC5C-A066572FE14B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCDCAD91-FA26-4996-AD8F-89B90F08725B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E5367C37-8B51-48DC-AD07-1D62A0836264} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EF765DB1-B9D5-49A8-9348-5653DCC34A1A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5C22478-EB3C-4C38-BBCA-FDFE7BA609B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 06:44 - 2015-10-30 06:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 14:14 - 2015-10-13 17:47 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-01-22 17:52 - 2016-02-04 05:26 - 00144576 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-23 18:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-23 18:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-23 18:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-21 21:52 - 2016-01-21 21:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 21:07 - 2015-12-07 05:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 21:07 - 2015-12-07 04:57 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 00:31 - 2016-01-05 02:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:31 - 2016-01-05 02:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:25 - 2016-01-16 06:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 09:25 - 2016-01-16 06:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:B66E5745
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-01-15 14:29 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ES\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bg1.png
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN55Q342HP05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Dropbox"
HKLM\...\StartupApproved\Run: => "SDTray"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{878D0376-AAFD-49C5-BCEC-59D536E5D065}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3899561B-70E9-427D-A283-9834889E5260}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CED344FE-6CE7-47BD-84E9-325B2466D1BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{048BDEA8-53E3-47EF-BC37-34EF6B80327F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6A371D0C-A1DA-4157-81E6-8C85C726FD2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EDEB89AC-713F-4ED4-94E3-620D16461B09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD8774A4-6BC9-4855-ACAE-65D0CD175F47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3FBE786-F560-4551-AC41-ACF685C34254}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACEEC36D-96F6-479B-AC38-CE177D246F47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FD39CC7-FD43-46AA-8922-DAA15AD9BE48}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{1DDB82A7-F75B-4884-B2EA-2BF83A085464}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{BD757584-5237-475B-9925-A93728B3FF1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D2690F28-4F27-4642-94FB-56B3CFD24A24}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7F92F5A9-CAAD-47B1-8249-0B018D24C173}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6E8518D4-C330-4461-9861-6114EB2A8624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D1457DF7-2FD9-4F13-A5F3-85044186DC2C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F0C8EDB6-A643-4382-AD38-099E137AEE07}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AA8E40E6-360F-4292-86A9-9B69C6D37540}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B19A5B0D-6F51-474C-B105-CC47D02A40C8}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{EB13E10C-B2E3-49C7-B567-80B702C2C04B}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{398F2915-A41E-4637-BC99-C11EB6FBD58B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FB117515-837D-4265-92B2-40A3B5F8BC8A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0300D242-1824-466E-A199-01C59BDC4843}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{772E0335-9C24-422D-83CD-EF90D00E2A30}] => (Allow) LPort=5357
FirewallRules: [{7AD450D7-7199-4217-A6A2-1E44F20316AE}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{598D8397-D04A-47FD-87C1-19E93532E54A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB8A5DA3-F58E-4E21-9E62-BA6ECD418BCF}] => (Allow) LPort=2869
FirewallRules: [{9B9BC86C-0630-4AF8-9945-8411419E2C2C}] => (Allow) LPort=1900
FirewallRules: [{DD806805-B6D5-4B74-92EC-1425AB8D03F2}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
22-02-2016 00:25:15 Installed Paragon Partition Manager™ 2014 Free.
23-02-2016 10:44:28 Installed ExtremeCopy.
23-02-2016 19:12:30 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/23/2016 07:12:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/23/2016 05:38:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ES-PC)
Description: Das Paket „Microsoft.Windows.Photos_16.201.11370.0_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/23/2016 10:44:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/23/2016 09:47:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ES-PC)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009280. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/22/2016 09:01:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 09:01:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 09:00:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:20:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:20:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:18:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
System errors:
=============
Error: (02/24/2016 10:13:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (02/24/2016 10:12:57 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acceso a datos de usuarios_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Almacenamiento de datos de usuarios_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Datos de contactos_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sincronizar host_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/23/2016 07:13:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetMsmqActivator" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetMsmqActivator erreicht.
Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetPipeActivator" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
CodeIntegrity:
===================================
Date: 2016-02-22 23:46:20.857
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-22 21:40:41.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-22 11:31:23.631
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-21 01:36:10.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-20 09:48:44.216
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-20 00:01:52.367
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-20 00:01:52.288
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 21:47:04.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-10 22:24:51.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-09 22:53:09.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 39%
Total physical RAM: 3066.73 MB
Available physical RAM: 1845.13 MB
Total Virtual: 6138.73 MB
Available Virtual: 4806.17 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:296.16 GB) (Free:179.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.48 GB) (Free:0.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F188FF0C)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=05)
Partition 2: (Active) - (Size=296.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================